Report
tar: potential heap overflow in lib/wordsplit.c env var construction using strcpy
499d061b-937d-4f14-844d-2ab0feb42ad5
In lib/wordsplit.c, the code that builds the environment key/value buffer for variable expansion uses strcpy() with incorrect size reasoning. It allocates v = malloc(namelen + strlen(value) + 2), then copies into v+namelen using strcpy(). This is a dangerous unbounded copy pattern: if the number of bytes actually copied differs from what strlen(value) reported (e.g., due to upstream handling quirks or non-standard strings), it can lead to a heap overflow (CWE-120 / CWE-787).
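The allocation and copy pattern described above, next to a variant that measures value once and copies exactly that many bytes. This is an added example, not code from tar or from the report; the function names, the out_size parameter and the '=' separator between name and value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Pattern described in the report: the size comes from strlen(value), the
   copy is done by strcpy(), so bound and copy are two separate scans. */
char *env_entry_strcpy(const char *name, size_t namelen, const char *value)
{
    char *v = malloc(namelen + strlen(value) + 2);
    if (!v)
        return NULL;
    memcpy(v, name, namelen);
    v[namelen++] = '=';          /* assumed separator: one of the "+ 2" bytes */
    strcpy(v + namelen, value);  /* copies up to the NUL, no explicit bound */
    return v;
}

/* Bounded form: measure value once, reject size_t wrap-around in the size
   sum, and copy exactly the measured length. Returns NULL on wrap or OOM. */
char *env_entry_bounded(const char *name, size_t namelen, const char *value,
                        size_t *out_size)
{
    size_t vallen = strlen(value);
    if (namelen > SIZE_MAX - 2 || vallen > SIZE_MAX - 2 - namelen)
        return NULL;
    size_t total = namelen + 1 + vallen + 1;  /* name, '=', value, NUL */
    char *v = malloc(total);
    if (!v)
        return NULL;
    memcpy(v, name, namelen);
    v[namelen] = '=';
    memcpy(v + namelen + 1, value, vallen);
    v[total - 1] = '\0';
    if (out_size)
        *out_size = total;
    return v;
}
```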