Report
tar: potential buffer overflow via strcpy in lib/wordsplit.c env assignment
5836fcf4-4cfb-41a8-9335-be8446d18569
In lib/wordsplit.c, wsplt_assign_var() builds environment strings for variable expansion. In the non-ENV_KV path, it allocates a buffer sized as namelen + strlen(value) + 2, writes '=', then uses strcpy(v + namelen, value). Using strcpy on a computed destination without always tying copy length to the allocation size is a classic CWE-120 buffer-overflow risk if length accounting ever desynchronizes (e.g., size_t overflow in allocation).
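A hardened form of the allocation-and-copy pattern described above, as an added example that is not tar's code and not part of the original report. The names env_pair_size and make_env_pair and the sample strings are hypothetical; the sketch checks the size computation for size_t wraparound and derives every copy length from the same measured values that sized the buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from tar): compute namelen + vallen + 2
   ('=' plus the terminating NUL) and fail instead of wrapping around. */
static int env_pair_size(size_t namelen, size_t vallen, size_t *out)
{
    if (namelen > SIZE_MAX - 2 || vallen > SIZE_MAX - 2 - namelen)
        return -1;
    *out = namelen + vallen + 2;
    return 0;
}

/* Hypothetical hardened counterpart of the reported pattern: build
   "NAME=VALUE" from the first namelen bytes of name, with bounded
   copies whose lengths match the allocation exactly. */
static char *make_env_pair(const char *name, size_t namelen, const char *value)
{
    size_t vallen = strlen(value);   /* measured once, reused below */
    size_t size;
    char *v;

    if (env_pair_size(namelen, vallen, &size) != 0)
        return NULL;                 /* length accounting would overflow */
    v = malloc(size);
    if (v == NULL)
        return NULL;
    memcpy(v, name, namelen);
    v[namelen] = '=';
    /* vallen + 1 bytes: the value and its NUL, never more than was sized */
    memcpy(v + namelen + 1, value, vallen + 1);
    return v;
}

int main(void)
{
    char *p = make_env_pair("HOME", 4, "/root");  /* constructed sample */
    int ok = p != NULL && strcmp(p, "HOME=/root") == 0;
    free(p);
    return ok ? 0 : 1;
}
```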