json: Do not allow to export or delete secret keys.

* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.

This should not be possible from a browser and we need to make this
fully clear. Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

• Signed-off-by: Werner Koch <wk@gnupg.org>