We want it to be possible to allow a user to remove/add users to a group but without allowing them to remove/add themselves to those groups.
The $wgAddGroups and $wgRemoveGroups configuration variables control which user groups can be added or removed by users in a certain group. This is used to allow splitting up the big responsibility of "bureaucrat". For example, at WMF a sysop user can usually not grant any group memberships, but through this mechanism granting of ipblock-exempt is enabled. It also goes in the other direction in that bureaucrat users are not able to grant checkuser or steward permissions.
The $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf configuration variables allow granting users the ability to only toggle a user right that they are generally already entrusted with, but for technical reasons don't want permanently enabled. At WMF this is used as a hack for being able to use the "bot flag" for several edits in a row to avoid spamming RecentChanges (the "flood" user group).
$wgGroupsRemoveFromSelf allows the site manager to specify what groups a user can remove from themselves, even if they would otherwise not be able to do so. I am requesting the inverse of this; a variable that allows the site manager to specify what groups they cannot remove from themselves, even if they can remove it from others.
The main utility of this feature would be that you can ensure that there is always at least one member of the group. Imagine a setup like this:
$wgGroupPermissions['bureaucrat']['userrights'] = false;
$wgAddGroups['bureaucrat'] = array( 'sysop', 'bot', 'bureaucrat' );
$wgRemoveGroups['bureaucrat'] = array( 'sysop', 'bot', 'bureaucrat' );
$wgAddGroups['serveradmin'] = array( 'serveradmin' );
$wgRemoveGroups['serveradmin'] = array( 'serveradmin' );
Here, only serveradmins can promote or demote other serveradmins (obviously for this to work, these options would have to be added piecemeal or database wonkery gets involved, but ignore that for now, it's irrelevant). Thus, if the only member of the group accidentally removes themselves from the group, they cannot re-add themselves to it, nor can anyone else add themselves to the group.
A new $wgGroupsCannotRemoveFromSelf variable could be set up, with the same syntax, to specify that "serveradmins cannot remove themselves from the serveradmin group", which should help to ensure that accidental clicks are not entirely disastrous.
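A sketch of how the proposed check could be evaluated, added here as an illustration and not taken from MediaWiki: removableGroups() and the user names are hypothetical, $wgGroupsCannotRemoveFromSelf is the variable proposed above, and only the array form of the existing variables is handled. The deny list is applied only when the actor and the target are the same account, and it overrides both allow lists.

```php
<?php
// Added illustration, not MediaWiki code. Only array-valued settings are handled.

$wgRemoveGroups = [
    'bureaucrat'  => [ 'sysop', 'bot', 'bureaucrat' ],
    'serveradmin' => [ 'serveradmin' ],
];
$wgGroupsRemoveFromSelf = [];

// Proposed variable, same syntax as $wgGroupsRemoveFromSelf:
// members of the key group may not remove the listed groups from themselves.
$wgGroupsCannotRemoveFromSelf = [
    'serveradmin' => [ 'serveradmin' ],
];

/**
 * Hypothetical helper: the groups $actor may remove from $target.
 *
 * @param string   $actor       name of the user making the change
 * @param string[] $actorGroups groups the actor currently belongs to
 * @param string   $target      name of the user being changed
 * @return string[]
 */
function removableGroups( string $actor, array $actorGroups, string $target ): array {
    global $wgRemoveGroups, $wgGroupsRemoveFromSelf, $wgGroupsCannotRemoveFromSelf;

    $isSelf = ( $actor === $target );
    $allowed = [];
    $denied = [];
    foreach ( $actorGroups as $group ) {
        $allowed = array_merge( $allowed, $wgRemoveGroups[$group] ?? [] );
        if ( $isSelf ) {
            // Self-only rules: the existing allow list and the proposed deny list.
            $allowed = array_merge( $allowed, $wgGroupsRemoveFromSelf[$group] ?? [] );
            $denied = array_merge( $denied, $wgGroupsCannotRemoveFromSelf[$group] ?? [] );
        }
    }
    // Deny wins, so the last serveradmin cannot lock the group by a stray click.
    return array_values( array_unique( array_diff( $allowed, $denied ) ) );
}

// Constructed users: a serveradmin acting on someone else, then on themselves.
print_r( removableGroups( 'Alice', [ 'serveradmin' ], 'Bob' ) );
print_r( removableGroups( 'Alice', [ 'serveradmin' ], 'Alice' ) );
```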