Add Pour symmetry and variable input coin arity

[ebfull]

⚠️ This PR makes changes to the zk-SNARK circuit and should be reviewed carefully. ⚠️

---

Pour symmetry is our (informal) name for adding a vpub_in to the balance equation to make it possible to pass value in and out of pours with more flexibility. In order to make Pours completely replace Protects, there must also be variable input arity. (A Protect-style Pour has zero inputs.)

This PR makes a number of changes to the circuit to accomodate this design change:

• vpub_in is provided for the balance equation as a verifier input.
• Zero-valued input coins bypass the merkle root authentication path check.
• Some redundant constraints are removed.

In order to fully support this new design, I've added PourInput and PourOutput classes to abstract away these concepts as they will (in some transactions) be omitted. I've made the appropriate changes to PourTransaction. (Hopefully, in the future we can abandon the old API design entirely, but I've left it for legacy purposes.)

[ebfull]

Impact on the circuit is negligible:

new:

  * G1 elements in PK: 4745559
  * Non-zero G1 elements in PK: 3981208
  * G2 elements in PK: 659854
  * Non-zero G2 elements in PK: 397245
  * PK size in bits: 1311234993
  * G1 elements in VK: 11
  * G2 elements in VK: 5
  * VK size in bits: 6181

old:

  * G1 elements in PK: 4745163
  * Non-zero G1 elements in PK: 3980944
  * G2 elements in PK: 659788
  * Non-zero G2 elements in PK: 397179
  * PK size in bits: 1311125631
  * G1 elements in VK: 11
  * G2 elements in VK: 5
  * VK size in bits: 6181

Note: This is for the test depth of 4.

[elibensasson]

Where can one find the new circuit description; in particular, the explicit inputs, implicit ones, and the circuit's logic (high level description)? It would be good to maintain in some place such an updated description (if none exists yet)

[ebfull]

@elibensasson It's awesome that you ask. :) That's something I'm working on. I've filed a ticket for that.