I am highly doubtful they would need something so risky.
Since the reader on the door is full RFID rather than a dumber/proprietary/third-party sort of key implementation, I imagine once the car is placed in service mode remotely, the command and control cloud which connects the car to Tesla could also load or enable a service key based on its specific signature, or even proxy unlock requests up to the C&C cloud for approval in a sort of 2FA-type arrangement.
I see no reason why Tesla would need any kind of master key at all, just a way to enable a different key remotely or open up a set of keys signed by a specific upstream authority.
Hopefully I have the terminology right here. I do understand the broad principles of key- and certificate-based authentication, but it’s hard to communicate succinctly without saying the word key over and over till the point it loses meaning.
The key is to remember we are not talking about keys (physical); rather, we are talking about smart cards and distributed, key-based authentication. In fact, Tesla is possibly operating one of the largest, modern key distribution and authentication networks around.