The @augment_from decorator is useful in API handlers for attaching

new decorators to methods defined in parent functions. However, we have

a couple of API handlers that use it and then override the

functionality. What happens when you do that is that you run the parent

function and then you run the new function both, and you end up running

the decorators for both, hitting the database for some (namely the Local

Site ones) each time.
One of the methods doing that in the codebase today isn't operating in

the way the decorator works, and ends up with the parent implementation

being called twice. The other method does some checks later in the

process than we'd want.
This change fixes up the two methods that are overriding their parents,

removing the @augment_from decorator, applying their own decorators,

and then calling the parent methods when most appropriate. We still end

up with the duplicate decorator handling, but it's the best we can do

right now without additional work on the base API support.
One of the methods was meant to catch a UserQueryError and return a

suitable API error code. This has been broken ever since we sandboxed

calls to AuthBackend.populate_users(). In the process of fixing this,

I fixed that issue to avoid sandboxing this particular error.

All unit tests pass.
Verified that the resulting API errors and fields for this API match

what was there before.