CVE-2023-27535: curl FTP connection reuse misses ACCT/ALT-USER credentials

curl 7.88.0 lib/url.c ConnectionExists() pools FTP control connections and only compares user/passwd/sasl_authzid/oauth_bearer in the reuse-match check (lines 1282-1292). FTP-specific authentication options CURLOPT_FTP_ACCOUNT (STRING_FTP_ACCOUNT) and CURLOPT_FTP_ALTERNATIVE_TO_USER (STRING_FTP_ALTERNATIVE_TO_USER), which drive the ACCT command and USER fallback in lib/ftp.c around 2578-2604, are NOT in the match. A second transfer that changes those options silently reuses the already-authenticated control connection, executing under the prior session identity = authentication bypass / wrong-creds-used.