Protected Environment Accesses were not automatically cleaned up
when a user was removed from the project membership.
Also, the leftover user/group entry in the access list
couldn't be removed manually.

This commit fixes these security related bugs.

Changelog: security
EE: true