Introduce `PrivateNoteHeader` newtype and enforce output note invariants

[PhilippGackstatter]

#2205 introduced ProvenOutputNote (to be renamed into OutputNote, and OutputNote -> RawOutputNote). For the remainder of this issue, I'll use the new names.

OutputNote has a Public and Header variant. The Header variant can be renamed to Private, since this should only ever be constructed from private notes. To disallow construction of a OutputNote::Header with a NoteHeader whose metadata is public, we should introduce a PrivateNoteHeader newtype that enforces this, so:

pub enum ProvenOutputNote {
    /// A public note with full details, size-validated.
    Public(PublicOutputNote),
    /// A note header (for private notes or notes without full details).
    Private(PrivateNoteHeader),
}

// Enforces that NoteHeader is NoteType::Private.
pub struct PrivateNoteHeader(NoteHeader);

Next to this, I think RawOutputNote::Partial and RawOutputNote::Header should also only ever be constructed with metadata that is private, so I think we should:

• change PartialNote::new to check that only private metdata is passed
• use the above-mentioned PrivateNoteHeader in RawOutputNote::Header.

Then, only RawOutputNote::Full can contain both public and private notes.

Context: #2205 (comment)