Use application_role_id on environment_roles.

In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.

In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.

tests/domain/test_portfolios.py

@@ -111,29 +111,6 @@ def test_scoped_portfolio_for_admin_missing_view_apps_perms(portfolio_owner, por
     assert len(scoped_portfolio.applications) == 0
 
 
-@pytest.mark.skip(reason="should be reworked pending application member changes")
-def test_scoped_portfolio_only_returns_a_users_applications_and_environments(
-    portfolio, portfolio_owner
-):
-    new_application = Applications.create(
-        portfolio, "My Application", "My application", ["dev", "staging", "prod"]
-    )
-    Applications.create(
-        portfolio, "My Application 2", "My application 2", ["dev", "staging", "prod"]
-    )
-    developer = UserFactory.create()
-    dev_environment = Environments.add_member(
-        new_application.environments[0], developer, "developer"
-    )
-
-    scoped_portfolio = Portfolios.get(developer, portfolio.id)
-
-    # Should only return the application and environment in which the user has an
-    # environment role.
-    assert scoped_portfolio.applications == [new_application]
-    assert scoped_portfolio.applications[0].environments == [dev_environment]
-
-
 def test_scoped_portfolio_returns_all_applications_for_portfolio_admin(
     portfolio, portfolio_owner
 ):