Avoid removing other proposals map locations

It was possible to remove a map location from a different proposal (even
one created by a different author) by modifying the hidden `id`
parameter in the form.

So we're making sure the map location we destroy is the one associated
to the proposal we're updating.

Since we're now using the `@proposal` instance variable in the
`destroy_map_location_association` method, we're calling that method
after loading the resource with cancancan.

spec/factories/proposals.rb

@@ -69,6 +69,10 @@ FactoryBot.define do
       published_at { Time.current }
     end
 
+    trait :with_map_location do
+      map_location
+    end
+
     trait :with_milestone_tags do
       after(:create) { |proposal| proposal.milestone_tags << create(:tag, :milestone) }
     end