Use application_role_id on environment_roles.

In the future, an `application_invitation1 will not refer to a `user` until
someone accepts the invitation; they'll only reference an
`application_role`. When a user is invited to an application, the
inviter can specify the environments the invitee should have access to.
For this to be possible, an `environment_role` should reference an
`application_role`, because no `user` entity will be known at that time.

In addition to updating all the models and domain methods necessary for
this change, this commit deletes unused code and tests that were
dependent on `environment_roles` having a `user_id` foreign key.

tests/test_access.py

@@ -10,18 +10,7 @@ from atst.domain.auth import UNPROTECTED_ROUTES as _NO_LOGIN_REQUIRED
 from atst.domain.permission_sets import PermissionSets
 from atst.models import CSPRole, PortfolioRoleStatus, ApplicationRoleStatus
 
-from tests.factories import (
-    AttachmentFactory,
-    ApplicationFactory,
-    ApplicationRoleFactory,
-    EnvironmentFactory,
-    EnvironmentRoleFactory,
-    PortfolioInvitationFactory,
-    PortfolioFactory,
-    PortfolioRoleFactory,
-    TaskOrderFactory,
-    UserFactory,
-)
+from tests.factories import *
 
 _NO_ACCESS_CHECK_REQUIRED = _NO_LOGIN_REQUIRED + [
     "task_orders.get_started",  # all users can start a new TO
@@ -265,11 +254,6 @@ def test_application_settings_access(get_url_assert_status):
         applications=[{"name": "Mos Eisley", "description": "Where Han shot first"}],
     )
     app = portfolio.applications[0]
-    env = EnvironmentFactory.create(application=app)
-    env_role = EnvironmentRoleFactory.create(
-        environment=env, role=CSPRole.NETWORK_ADMIN.value
-    )
-    ApplicationRoleFactory.create(application=app, user=env_role.user)
 
     url = url_for("applications.settings", application_id=app.id)
     get_url_assert_status(ccpo, url, 200)