penumbra
Insufficient randomization in swap balance commitment
The swap balance commitment cv is not sufficiently hiding with respect to the circuit's balance commitment integrity check, because (1) cv is deterministically derived from the fee commitment cvf, and (2) Pedersen commitments are additively homomorphic. Combining these two facts would allow the search space for the private asset values v1 and v2 to be brute-forced once Sealed-Bid Batch Swaps are implemented. The balance commitment needs to be derived with a fresh blinding factor to break this determinism.
This references component A1 in the ECC audit log, and A2 still needs to be done.
cc @redshiftzero
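As an added illustration (not Penumbra's code), the toy Pedersen vector commitment below models one way the determinism described above can arise: cv reusing the fee commitment's blinding factor rf. It assumes a small multiplicative group with fixed generators and a made-up convention that the fee is paid in asset 2; none of that is taken from the issue.

```python
import secrets

# Toy Pedersen vector commitment over a multiplicative group mod a Mersenne prime.
# Constructed parameters for illustration only; real deployments use an
# elliptic-curve group with independently derived generators.
P = 2**61 - 1          # group modulus (constructed)
G1, G2, H = 3, 5, 7    # generators for asset 1, asset 2 and the blinding term

def commit(v1: int, v2: int, r: int) -> int:
    """Pedersen commitment to the value pair (v1, v2) with blinding factor r."""
    return (pow(G1, v1, P) * pow(G2, v2, P) * pow(H, r, P)) % P

def homomorphic_sub(a: int, b: int) -> int:
    """Additive homomorphism: C(x, r) / C(y, s) commits to x - y with blinding r - s."""
    return (a * pow(b, -1, P)) % P

def brute_force(target: int, max_value: int) -> list:
    """Return every (v1, v2) in [0, max_value]^2 whose UNBLINDED commitment equals target.
    This only succeeds when the blinding term has already been cancelled out."""
    return [(v1, v2)
            for v1 in range(max_value + 1)
            for v2 in range(max_value + 1)
            if commit(v1, v2, 0) == target]

def candidates(v1: int, v2: int, fee: int, rf: int, rv: int, max_value: int) -> list:
    """Build cvf (fee only) and cv (inputs plus fee) and see what cv / cvf reveals.
    rf is cvf's blinding factor, rv is cv's; the flawed design corresponds to rv == rf."""
    cvf = commit(0, fee, rf)          # fee paid in asset 2 (toy convention)
    cv = commit(v1, v2 + fee, rv)     # balance commitment covering inputs and fee
    return brute_force(homomorphic_sub(cv, cvf), max_value)

def shared_blinding(v1: int, v2: int, fee: int, rf: int, max_value: int) -> list:
    """Flaw: cv derived deterministically from cvf's blinding, so cv / cvf is unblinded."""
    return candidates(v1, v2, fee, rf, rf, max_value)

def fresh_blinding(v1: int, v2: int, fee: int, rf: int, rv: int, max_value: int) -> list:
    """Fix: an independent blinding factor for cv keeps cv / cvf hiding."""
    return candidates(v1, v2, fee, rf, rv, max_value)

if __name__ == "__main__":
    rf, rv = secrets.randbelow(P - 1), secrets.randbelow(P - 1)
    print("shared blinding recovers:", shared_blinding(4, 9, 2, rf, 10))   # [(4, 9)]
    print("fresh blinding recovers: ", fresh_blinding(4, 9, 2, rf, rv, 10))  # []
```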