Mainly give access for group/company to Hosting Subscription and its module.

As explicit is better then implicit give explicitly group/company access to
other modules and portal types even if access was already given by role/member.

Also use typical owner (zope) instead of artificial ones (admin or
ERP5TypeTestCase).