tighten key_type validation on letters api

when in research mode or test key, dont send letters via api - instead,
just put them straight to success state

when using a team key, flat out reject the request (403)

tests/app/db.py

@@ -50,7 +50,9 @@ def create_service(
     service_id=None,
     restricted=False,
     service_permissions=[EMAIL_TYPE, SMS_TYPE],
-    sms_sender='testing'
+    sms_sender='testing',
+    research_mode=False,
+    active=True,
 ):
     service = Service(
         name=service_name,
@@ -58,9 +60,13 @@ def create_service(
         restricted=restricted,
         email_from=service_name.lower().replace(' ', '.'),
         created_by=user or create_user(),
-        sms_sender=sms_sender
+        sms_sender=sms_sender,
     )
     dao_create_service(service, service.created_by, service_id, service_permissions=service_permissions)
+
+    service.active = active
+    service.research_mode = research_mode
+
     return service