Add optional proxy to exchange APIs for light clients

[str4d]

This enables light clients to authenticate directly to exchange APIs without revealing their IP address.

To-do:

• Enforce per-client per-target rate limits on session creation.
• Enforce per-client per-target rate limits on session traffic (by detecting request-response patterns in the proxied TCP traffic).

[str4d]

We can probably use https://pkg.go.dev/golang.org/x/time/rate for this. What we want is:

• A request rate limiter per exchange, that we configure with their respective public API limits.
• A session rate limiter per client, that we configure with some low rate that is sufficient for the kinds of requests that honest light clients will be making ("infrequent" queries of market tickers).
  • We can probably initially assume that we have one session per request, but HTTP connection pooling on the light client side may break this assumption.
  • Once we have request-response detection, we can change this to (or add) a request rate limiter per client.
• Some mechanism for fairly distributing per-exchange request rate limit tokens amongst connected clients (subject to the per-client rate limiter).

[str4d]

This PR will probably get closed, as instead of writing the client side of this (in the necessary Kotlin and Swift), I've integrated Arti into the Swift SDK for Tor support and am using that to fetch exchange rates (Electric-Coin-Company/zcash-light-client-ffi#142, Electric-Coin-Company/zcash-swift-wallet-sdk#1446).