don't allow grants for non-existent users

Bug #1895545 reported by james beedy
Affects: Canonical Juju
Status: Triaged
Importance: Low
Assigned to: Unassigned

Bug Description

Just ran into a scenario where a user made a typo when granting another user access to a model. The juju command succeeded even though there is no actual user with the username that the grant command was run with. Possibly juju can return a simple error informing the granting user that there is no user with "<username>".

Thanks!

Pen Gale (pengale) wrote :

@jamesbeedy: thank you for filing the bug! Are these local or external users?

For local users, you should get an error when the user doesn't exist. For example, if I create a user "foo" on my localhost controller, I can grant access to a model for that user, but not for a non-existent user "bar":

```
petevg@badjanet:~$ juju add-user foo
User "foo" added
Please send this command to foo:
    juju register <hash redacted>

"foo" has not been granted access to any models. You can use "juju grant" to grant access.
petevg@badjanet:~$ juju models
Controller: raven

Model Cloud/Region Type Status Machines Units Access Last connection
controller localhost/localhost lxd available 1 - admin just now
test-run* localhost/localhost lxd available 1 1 admin 2020-09-15

1 petevg@badjanet:~$ juju grant foo read test-run
1 petevg@badjanet:~$ juju grant bar read test-run
ERROR could not grant model access: user "bar" does not exist locally: user "bar" not found

```

However, I can add access for the external user bar. The following succeeds, without an error message:

```
petevg@badjanet:~$ juju grant bar@external read test-run
```

This is intended behavior, as we don't really know what external users exist.

With JAAS, we do have a better shot at looking up whether a user is valid. This might be a feature request against JAAS, to add functionality to treat "external" users w/in JAAS in the same way that we treat internal users. I don't know off the top of my head how complex this would be.
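
An added example (not from this thread and not Juju's own code): because, as the comment above describes, `@external` names are accepted at grant time without validation, an operator can audit a model's existing grants against a list of names exported from the identity provider. The grant mapping, the export list and the function name are constructed assumptions, not Juju output or API.

```python
import difflib

# Constructed sample data (assumptions, not real Juju output).
# Maps each user with access to the model to their access level.
MODEL_GRANTS = {
    "admin": "admin",
    "foo": "read",               # local user: Juju already validated it
    "bar@external": "read",
    "alcie@external": "write",   # typo of alice@external
    "zed@external": "read",      # nobody by this name in the export
}
# Names known to the external identity provider (constructed).
KNOWN_EXTERNAL = {"alice", "bar"}


def audit_external_grants(grants, known_external, cutoff=0.75):
    """Return (user, access, finding) for external grants needing review.

    Local users are skipped because the grant command rejects unknown
    local names; only "@external" entries are accepted unverified.
    """
    candidates = sorted(known_external)
    findings = []
    for user, access in sorted(grants.items()):
        name, sep, domain = user.partition("@")
        if not sep or domain != "external":
            continue  # local user, validated at grant time
        if name in known_external:
            continue  # matches a real external identity
        close = difflib.get_close_matches(name, candidates, n=1, cutoff=cutoff)
        if close:
            finding = f"possible typo of {close[0]}@external"
        else:
            finding = "not in identity provider export"
        findings.append((user, access, finding))
    return findings


if __name__ == "__main__":
    for user, access, finding in audit_external_grants(MODEL_GRANTS, KNOWN_EXTERNAL):
        print(f"{user:20} {access:6} {finding}")
```

Grants flagged this way can be removed with `juju revoke` once confirmed as mistakes.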

Changed in juju:
status: New → Triaged
importance: Undecided → Wishlist
John A Meinel (jameinel) wrote :

I'm not sure whether Candid (as the API for talking about external users) allows a way to probe for the existence of a user, or whether that was explicitly hidden (so that arbitrary users can't see if other arbitrary users exist).
It certainly is nicer UX to be told your grant won't succeed because that user doesn't exist.

Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: Wishlist → Low
tags: added: expirebugs-bot