We had some error handling for checking that someone wasn't trying to

set the submitter of a review request to a user that didn't exist, but

this failed in the local site case (and in the case of other failures

such as authentication backend errors). This change reorders the code so

that we don't get an UnboundLocalError, instead returning the correct

webapi error.
This adds a couple unit tests for the two cases (expected and unexpected

errors), and cleans up a related unit test that I came across while I

was in here.

Ran unit tests.