'Merge Roles from SSO' wipes all user roles from the existing user #17466
Description:
Since RC 3.1.x, when Merge Roles from SSO is enabled, the Custom OAuth authentication wipes existing roles from the user if they are not defined in the OAuth source or in the Roles/Groups field of the configuration.
The issue is meaningful because if the OAuth roles don't match the existing roles, manually managed roles get wiped out. Instead of 'Merge', it now acts more like 'Replace'.
Steps to reproduce:
- Create a working custom OAuth configuration.
- Leave the Roles/Groups field name field empty.
- See that Merge Roles from SSO is disabled.
- Log in with a regular user via OAuth, and check via the admin console that the user gets at least the 'Users' role. As admin, add one custom role to the user in addition to the existing role. Log out with the user account.
- Again in the admin console, enable Merge Roles from SSO in your custom OAuth config.
- Log in again with the user account.
- Check the user's roles again from the admin console.
Expected behavior:
All existing roles should stay intact in all use cases. New ones can be added if they are offered by the OAuth source and the config allows this, but in this example neither provides them.
Actual behavior:
The user loses his existing 'User' role and any other additional roles. Losing the user role causes lots of issues for the user: for instance, listing channels and users under the directory fails, and most of the channels go missing in the channel listing pane.
Server Setup Information:
- Version of Rocket.Chat Server: 3.1.2
- Operating System: CentOS7
- Deployment Method: tar
- Number of Running Instances: 20
- DB Replicaset Oplog: yes
- NodeJS Version: v12.16.1
- MongoDB Version: 3.6.18
Additional context
This behaviour did not exist yet in RC 3.0.12.
The issue may be related to what #14454 tried to achieve.
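A small model of the merge-versus-replace behaviour this report describes, added here as an example and not code from Rocket.Chat; the function names, the default role name 'user' and the sample role sets are assumptions. It puts the observed replace semantics beside the expected merge semantics and adds a post-sync check that flags any role lost during SSO role synchronisation.

```javascript
// Added example, not Rocket.Chat's code: a model of the role-sync step the
// report describes. syncRoles, rolesLost and DEFAULT_ROLE are hypothetical.
const DEFAULT_ROLE = 'user';

// Behaviour observed in 3.1.x with "Merge Roles from SSO" enabled: the roles
// mapped from the OAuth source replace whatever the user already had. With an
// empty Roles/Groups field the SSO list is empty, so every role disappears.
function syncRolesReplace(existingRoles, ssoRoles) {
  return [...new Set(ssoRoles)];
}

// Expected behaviour: keep every existing role and add what SSO offers.
// Roles an admin assigned by hand survive, and the default role is kept
// even when the SSO source maps no roles at all.
function syncRolesMerge(existingRoles, ssoRoles) {
  const merged = new Set([...existingRoles, ...ssoRoles]);
  merged.add(DEFAULT_ROLE);
  return [...merged];
}

// With the option disabled the sync must not touch roles at all.
function syncRoles(existingRoles, ssoRoles, mergeEnabled) {
  return mergeEnabled ? syncRolesMerge(existingRoles, ssoRoles) : [...existingRoles];
}

// Post-sync check: roles present before but missing afterwards. A non-empty
// result is an authorization regression worth logging or failing a test on.
function rolesLost(before, after) {
  const kept = new Set(after);
  return before.filter((role) => !kept.has(role));
}

// Constructed scenario from the report: admin added one custom role, the
// Roles/Groups field is empty, Merge Roles from SSO is enabled on login.
function reproduce() {
  const existing = ['user', 'custom-role'];
  const fromSso = [];
  const buggy = syncRolesReplace(existing, fromSso);
  const expected = syncRoles(existing, fromSso, true);
  return {
    buggy,                                        // []
    expected,                                     // ['user', 'custom-role']
    lostWithBug: rolesLost(existing, buggy),      // ['user', 'custom-role']
    lostWithFix: rolesLost(existing, expected),   // []
  };
}
```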