New function to return the course format settings for external clients
via Web Services.
Some settings (like private keys/tokens) should be not returned if the
user hasn’t appropriate permissions.
With a single-activity course, visibility to students is controlled by
course visibility. There is no sense in having the key activity not
visible to students, and, if you did, the symptoms were almost
incomprehensible. It was very hard to work out what you had done wrong.