zingolib

Privacy Issue: Shielded Pools are not being respected and metadata leaks

Open • AlwaysCompile opened this issue 8 months ago • 1 comment

Shielded pools should always be respected when possible because violating shielded pool boundaries results in the leakage of amounts (de-anonymization). Currently, Zingo does NOT respect shielded pool boundaries and puts users at risk as a result.

Reproduction:

  1. 1 ZEC in Orchard pool. 1 ZEC in Sapling pool
  2. Send 0.5 ZEC to a Sapling address
  3. Zingo will leak the 0.5 ZEC by sending from the wrong pool (Orchard)

Zingo should always be privacy-preserving as much as possible. That means that it should always use as many inputs from the shielded pool corresponding to the receiving address. In this case, the receiving address is a Sapling address. As a result, as many inputs as possible should be selected from the Sapling pool so that user privacy is not violated.

Selecting from the Orchard pool violated user privacy and it simply just does not make sense.

AlwaysCompile, May 26 '24 20:05
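
An added sketch of the selection rule the issue asks for, run on its reproduction case; this is not zingolib's code, and `Note`, `crossing` and `select_inputs` are hypothetical names. It assumes fees are ignored and change returns to the pool its inputs came from, so the value that crosses pools (the net amount visible on chain) is the part of the payment not covered by same-pool notes.

```rust
// Added illustration, not zingolib code. Values are in zatoshis.
// Assumptions: fees are ignored; change returns to the pool its inputs came from.
pub const ZEC: u64 = 100_000_000;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Pool { Sapling, Orchard }

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Note { pub pool: Pool, pub value: u64 }

/// Value that must cross into `target` from the other pool for this input set.
/// A non-zero result is the amount exposed by the cross-pool transfer.
pub fn crossing(inputs: &[Note], target: Pool, amount: u64) -> u64 {
    let same: u64 = inputs.iter().filter(|n| n.pool == target).map(|n| n.value).sum();
    amount.saturating_sub(same)
}

/// Pick inputs for `amount`, exhausting notes in the recipient's pool first
/// (largest first) and touching the other pool only for the shortfall.
pub fn select_inputs(notes: &[Note], target: Pool, amount: u64) -> Option<Vec<Note>> {
    let mut sorted = notes.to_vec();
    sorted.sort_by_key(|n| (n.pool != target, std::cmp::Reverse(n.value)));
    let (mut picked, mut total) = (Vec::new(), 0u64);
    for n in sorted {
        if total >= amount { break; }
        total += n.value;
        picked.push(n);
    }
    if total >= amount { Some(picked) } else { None } // None: insufficient funds
}

fn main() {
    // Constructed wallet from the issue's reproduction: 1 ZEC in each pool.
    let wallet = [Note { pool: Pool::Orchard, value: ZEC }, Note { pool: Pool::Sapling, value: ZEC }];
    let amount = ZEC / 2; // 0.5 ZEC to a Sapling address
    let reported = [wallet[0]]; // selection described in the issue: Orchard only
    let preferred = select_inputs(&wallet, Pool::Sapling, amount).unwrap();
    println!("orchard-only crossing: {}", crossing(&reported, Pool::Sapling, amount));
    println!("pool-aware crossing:   {}", crossing(&preferred, Pool::Sapling, amount));
}
```

A useful regression check for a wallet is that `crossing` is zero whenever the recipient's pool alone holds enough value to cover the payment.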