dogtaginstance: add ensure_group method

Add a method for creating a group (if it does not exist).  This will
be used to create a group for ACME RA accounts.

Part of: https://pagure.io/freeipa/issue/4751

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

ipaserver/install/dogtaginstance.py

@@ -541,6 +541,21 @@ class DogtagInstance(service.Service):
         else:
             logger.debug("Added ACI to read groups to %s", dn)
 
+    @staticmethod
+    def ensure_group(group: str, desc: str) -> None:
+        """Create the group if it does not exist."""
+        dn = _group_dn(group)
+        entry = api.Backend.ldap2.make_entry(
+            dn,
+            objectclass=["top", "groupOfUniqueNames"],
+            cn=[group],
+            description=[desc],
+        )
+        try:
+            api.Backend.ldap2.add_entry(entry)
+        except errors.DuplicateEntry:
+            pass
+
     @staticmethod
     def create_user(
         uid: str,