The recent access controls added for repository and review group choices

for conditions resulted in a regression when matching these. Both of

these implemented queryset logic that assumed access to an

HttpRequest, but this wasn't the case during matching. The attempts

caused a KeyError, which was getting caught at the wrong level and

transformed into an entirely different form of error.
This fixes the regression by changing the querysets yet again. Now, if

we're in a condition matching mode (as indicated by a new matching

state set for the choices), we revert back to a simpler query that

just filters on the Local Site.

Verified the failure in new unit tests, and that the issue is now

fixed.