Rework shielded action refund

[grarco]

Currently we handle refunds for MASP over IBC transaction by letting the client construct the refund shielding transaction and embedding it in the IBC packet. This, unfortunately, has a problem when it comes to a failure (or timeout) in the IBC transaction involving an asset which is subject to MASP incentives. In this case we'll need to run the refund shielding action but the MASP VP requires the asset to be correctly epoch (i.e. to refer to the current MASP epoch): this is done so that malicious users cannot backdate their assets and extract more rewards than due.

The issue is that the refund transaction is built at the same time (epoch) of the ibc transaction: if Namada crosses a MASP epoch in between the construction of these transactions and the actual refund than the refund will be invalidated and there will be no way for the original source of the transaction to get their tokens back.

We should apply the logic suggested by @cwgoes and support only transparent refunds: this will sidestep this issue altogether, while simplifying the logic. At the same time, this solution doesn't raise any concern with regards to privacy since we can use a disposable address as the target of the refund.