FR: Implement `try_sapling_compact_note_output_recovery`

[adityapk00]

The zcash_primitives create currently has a try_sapling_output_recovery method that allows wallets to recover outgoing transactions sent by the wallet using an ovk. This allows wallets to show outgoing transactions and memos to the user. This method works on the full sapling note.

It would be nice to also have try_sapling_compact_note_output_recovery that works on the Compact Note. It would be the equivalent of try_sapling_compact_note_decryption, but using an ovk instead of an ivk.

The method could be (where the Output is a CompactOutput):

pub fn try_sapling_compact_note_output_recovery<
    P: consensus::Parameters,
    Output: ShieldedOutput<SaplingDomain<P>>,
>(
    params: &P,
    height: BlockHeight,
    ovk &OutgoingViewingKey,
    output: &Output,
) -> Option<(Note, PaymentAddress)> {}

[adityapk00]

CC: @nuttycom

[str4d]

CompactNotes do not contain outCiphertext (we trimmed out absolutely everything we could to make trial-decryption bandwidth as minimal as possible), so this can't be done without making those notes less compact. We could maybe add a flag that allows light clients to request that these be added, but it would be distinguishable to network observers.

[adityapk00]

This is a mild bummer.

I think it would be a good idea to add it to LightwalletD as an optional, and have light clients be able to request it in GetBlock or GetBlockRange. This will significantly improve sync speed.

out_ciphertext is like 80 bytes, right? Not insignificant, but not that big either, so I think it would still be a good idea to do it.

@LarryRuane @gmale

[adityapk00]

See also: LightwalletD support for a nullifier spent check RPC (https://github.com/zcash/lightwalletd/issues/352)