edit engagement: unhide error messages, fix testing lead error

[valentijnscholten]

When the engagement form contained an error while editing an engagement, the error was not shown. This was a generic issue, but we saw it in these cases:

• when adding/editing a product/engagement and changing some of the JIRA fields, but not specifying a JIRA instance or JIRA Project, there was only a generic error message on top of the page. (This was no bug, just a hidden error message)
• when selecting a testing lead, there was an error in the validation rejecting some testing lead values, especially those who are not staff users, but do in fact have staff permission on the product (This was a bug AND a hidden error message) fixes Changing testing lead on engagement is not working #4058

This PR ensures error messages are shown and fixes the bug around the testing lead field validation.

The cause of the testing lead problem was that on the form GET the list of testing leads was generated successfully using the authorization helper.
But on form POST the id of a Product instead of the product model instance itself got passed into the form. This cascaded into the authorization helper function where the check on the id always resulted in False. This lead to the form concluding the chosen lead was not allowed.

This is a corner case / programming error, but got swallowed by the way the authorization helper was built. This PR also makes the authorization helper more strict and throws an error if someone passes in an id instead of an object. (If we only get an id, the authorization helper doesn't which type it is and has no other choice but to raise an error.)