```
Bullet::Notification::UnoptimizedQueryError: user: localuser
GET http://admin.foo.3scale.localhost:39073/p/admin/applications/16
AVOID eager loading detected
  ApplicationPlan => [:plan_metrics]
  Remove from your query: .includes([:plan_metrics])
```

Fixes issue with keys.feature:Regenerate provider key

Bullet::Notification::UnoptimizedQueryError: user: avalon
PUT http://master-account.3scale.localhost:42285/p/admin/applications/4/change_user_key
AVOID eager loading detected
  ApplicationPlan => [:original]
  Remove from your query: .includes([:original])

```
Bullet::Notification::UnoptimizedQueryError:
  user: default
  GET /admin/api/applications.json?provider_key=***&inactive_since=2014-05-05
  AVOID eager loading detected
    Service => [:default_application_plan]
    Remove from your query: .includes([:default_application_plan])
```

The `#where_values_hash` method does not support joins and sub-queries.

Originally the `account.provided_cinstances` part was ignored because it
was JOINs. With the update to sub-queries, it turned into `plan_id: nil`
which is incorrect and broke the logic.

So now we keep logic as previously by resorting only to the
`Cinstance.permitted_for` part of the query.

This relies on the fact that `Cinstance.plan.issuer` is set as
`Cinstance.service` when that issuer is a service.

Also relies on the fact that `User.member_permission_service_ids` will
not set to ids of services that don't belong to the account.

Which may not be ideal but allows for permission checking without extra
database queries.

Historically it was a conscious decision to optimize access to cintance
-> service by denormalizing the database. So we can access service
directly and not through the plan.

We also keep these two in sync with model callbacks.

So this commit further simplifies the queries to fully rely on this
fact.