Very interesting answers. Thanks you, I like your approach. I was code going to add Add-PnPUserToGroup but i think your approach is more elegant. I did find that trying to add external user who was already on the tenant caused and exception which needed to handle
I will look at dynamic groups as it looks useful if the domain in question is "safe" .