Hi there! Welcome.
I have to start with a caveat that the size of the privacy set is not all that matters, because “set intersection attack” (which is the mathematical generalization of more or less all privacy-penetrating attacks) can — in the wrong circumstances — eliminate an arbitrarily large amount of your set.
So, it’s one of the confusing “yes and no” situations where if someone asks “Is X better than Y because X’s privacy set is bigger than Y’s?”, the answer is often “Yes, if all other things equal, but all other things are not equal so what matters more in this case is what set intersections the attackers can apply.”.
(Here’s a talk I gave recently in which I give an example of an attack that I discovered that can eliminate basically 100% of Monero’s protections every time — the attacker makes two controlled buys. The Monero researchers call this and other similar situations “EAE” for “Eve→Alice→Eve”, and Ian Miers called this “flashlight attack”.)
Note that with today’s Zcash wallets, today’s version of Monero, as well as things like MetaMask and others, a huge attack surface for intersection attack is the network layer. If the attacker can leverage that against you, then it can often negate most or all of the protection that the blockchain layer is trying to offer!
(So, in terms of technology roadmap, it looks to me like the most important privacy upgrade for crypto as a whole would be stronger network-level privacy, such as Tor’s Arti project, the Nym project, or Taylor Hornby’s idea that the Zcash p2p network is already an anonymous communication network. I basically think that — once wallets deploy the new Shielded By Default standard and Halo/Orchard — that Zcash blockchain layer will be so good at privacy that we don’t get much added value from further improving the privacy at the blockchain layer, but that we very much need improvements at the network layer. If others here have different opinions about that, I’d be interested to hear them.)
Okay so with that caveat aside, yes, we at ECC currently think “number of Sapling transactions with at least one shielded output” is currently the best approximation for the privacy set, as shown on our metrics page. That’s assuming that what you want to do is make a transaction from your shielded ZEC in the Sapling pool. If you make a transaction from your shielded ZEC in the Sapling pool, then there is no [*] information at the blockchain layer that gives any hints as to which of those 416,000 previous transactions your shielded ZEC came from. Make sense?
[*] almost no
Now as to your question about whether the “privacy set” includes Sprout, if you make a transaction from your Sprout shielded ZEC, then it is easy to tell from the blockchain layer that your money did not come (directly) from the Sapling pool, so those 416,000 previous Sapling transactions are not part of your privacy set.
As to your question 3, yes, the Orchard pool will begin life with no ZEC in it. Once the first person moves some of their ZEC into the Orchard pool and leaves it there [**], the privacy set will be 1 — if they were then to move their ZEC back out, everyone would be able to tell, from the blockchain layer, where it came from. Once the second person moves some ZEC into the Orchard pool, the privacy set will be 2 — there is no information visible at the blockchain layer allowing an attacker to tell which of the two sources the output came from, and so on.
Shielded By Default will all support auto-shielding by default, which means moving ZEC from the transparent pool to the Orchard pool. Hopefully they will also support auto-migration, which means moving ZEC from the Sprout and/or Sapling pools to the Orchard pool.
[**] IMPORTANT NOTE: If you move your ZEC through a shielded pool on its way to somewhere else, that provides little to no added privacy — to you or to anyone else. Privacy comes from your shielded wallet keeping your ZEC in a privacy pool. I also touch on this issue in the talk I linked above (Zooko Wilcox: How to protect your crypto through privacy - YouTube).
Hope this helps! Interested to find out where you are going with this.