Report

CVE-2020-8177: curl local file overwrite via symlink with -J and -i options

5a9b1045-3ef6-4f64-817e-edf8aca86ba3

curl versions prior to 7.71.0 are vulnerable to local file overwrite when invoked with both the -J (--remote-header-name, which enables content_disposition mode) and -i (--include, which enables show_headers mode) options. The vulnerability allows an attacker to overwrite arbitrary files via a symlink attack by crafting a malicious Content-Disposition HTTP header. The root cause is that the tool_header_cb() callback in src/tool_cb_hdr.c uses rename() to move files based on filenames extracted from untrusted HTTP headers, and rename() follows symlinks.
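
A defender-side audit check for the condition described above, added here as an example (it is not part of the original report or of curl): it flags curl command lines that combine -J and -i, including clustered short options, and tests a `curl --version` banner against 7.71.0. The function names, the list of value-taking short options and the sample command lines are assumptions constructed for illustration.

```python
import re
import shlex

FIXED = (7, 71, 0)  # first unaffected release, per the report
# Assumption: short options that take a value (not exhaustive). Inside a
# cluster, whatever follows one of these is its argument, not more flags.
TAKES_ARG = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")

def is_vulnerable_version(banner):
    """banner: first line of `curl --version`."""
    m = re.match(r"curl (\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised curl version banner")
    return tuple(map(int, m.groups())) < FIXED

def curl_flags(argv):
    """Return which of 'J' / 'i' are set in one curl argv."""
    seen, it = set(), iter(argv[1:])
    for tok in it:
        if tok == "--remote-header-name":
            seen.add("J")
        elif tok == "--include":
            seen.add("i")
        elif tok.startswith("--") or not tok.startswith("-"):
            continue  # other long option, URL or option value
        else:
            for pos, ch in enumerate(tok[1:], start=1):
                if ch in TAKES_ARG:
                    if pos == len(tok) - 1:
                        next(it, None)  # value is the next token
                    break
                if ch in "Ji":
                    seen.add(ch)
    return seen

def risky_invocation(command_line):
    """True when a curl command line combines -J and -i."""
    argv = shlex.split(command_line)
    if not argv or argv[0].rsplit("/", 1)[-1] != "curl":
        return False
    return {"J", "i"} <= curl_flags(argv)

if __name__ == "__main__":
    # Constructed sample command lines, not taken from the report.
    for line in ("curl -OJ -i https://example.test/f",
                 "curl -J -O -H 'X-Note: -i' https://example.test/f"):
        print(risky_invocation(line), line)
```

Abbreviated long options and long-option values that begin with "-" are not handled, so treat a hit as a prompt to review the script rather than as proof.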