This commit drastically improves the privacy of the HUSH anonymity set
under attacks which ingest wallet.dat's which have been obtained by
seizure, i.e. stealing someones HUSH wallet.dat and putting it into
chain analysis software. Ciphertrace is known to do this to ZEC and XMR
and we can assume all chain analysis companies are implementing new
ways to de-anonymize privacy coins with any data they can obtain.
Instead of randomly sending to a randomly chosen static address,
hushd Sietch zdust addresses are now randomly generated at run-time. These
addresses are not stored in wallet.dat in any way and their private keys
are not known except by the internal memory of hushd for a few milliseconds.
This data is not stored in long-lived data structures of hushd, only as long
as the RPC z_getnewaddress is running or the equivalent function for internals
code paths. The seeds or private keys of these addresses are never stored on disk.
This now brings hushd on par with SDL, which already does this via a
different but equivalent seed phrase technique.
With this technique, if a HUSH wallet.dat is seized, it's impossible to tell
if any of the shielded outputs are random Sietch zdust with random data payload
or a one-time-use zaddr with encrypted payload.
This code will be "experimental" forever, only supports Sprout, and
is a piece of shit. Deleting with fire.
Sapling viewing keys are the replacement, which already exist.
