The security-related entities, e.g., definition of username, database roles, role memberships, permissions, are determined by a specific server configuration, and they do not belong to programming asserts, a.k.a., programmability of stored procedure, function, etc.
We have resolved this issue by removing the security-related entities from the SQL Server Database project.
We also configured Visual Studio's Schema Compare to ignore the following object types to prevent synchronizing on the security-related entities in future: