Internal snippets can be searched by anyone

From: https://gitlab.zendesk.com/agent/tickets/27733

This one sounds pretty bad:

I was playing around with the public section of our Gitlab install a bit, and noticed there's a pretty serious unintended information disclosure happening in snippets. We have multiple snippets set to internal/private, but anything set to "internal" can be found by the public search without even logging in. Example: https://gitlab.com/search?&snippets=true&scope=&search=password works without me logging into gitlab, and it finds some internal snippets there too(including some actual password configs :/). 
Thanks in advance for looking into this.

Greetings, 
Teun Beijers

/cc: @DouweM, @rspeicher