Report
tar: possible command injection cluster via TMPDIR-based global header name composition
966a2f05-52f8-4ac1-a431-8b6771e55d6f
In src/xheader.c, xheader_ghdr_name builds globexthdr_name from getenv("TMPDIR") and then copies it into an allocated buffer with strcpy/strcat. The size arithmetic looks correct for simple strlen+template sizing, so this is not an overflow finding. The function is still a good audit target because an environment-influenced path is later embedded into an archive header field, where it may reach further path-handling code that expects a sanitized format.