Don't permit access to internal keys via API.

web/1.0/methods/useradmin.php

@@ -36,6 +36,8 @@ protected function get2FAKeyFromParam($userid, $secretid) {
 			$key = TwoFactorKey::loadFromUserKey($this->getContextKey('db'), $userid, $secretid);
 			if ($key === FALSE) {
 				$this->getContextKey('response')->sendError('Unknown 2fakey: ' . $secretid);
+			} else if ($key->isInternal()) {
+				$this->getContextKey('response')->sendError('Unknown 2fakey: ' . $secretid);
 			}
 
 			return $key;