CVE-2023-27535: curl FTP connection reuse skips FTP_ACCOUNT / ALTERNATIVE_TO_USER / USE_SSL comparisons
97614de4-156a-42f8-afcf-230b84c83ea9
curl 7.88.0 has a logic flaw in lib/url.c::ConnectionExists() that allows authentication bypass via FTP connection reuse. When the connection cache is searched for a reusable connection, the credential-comparison block (lib/url.c:1282-1292) only compares user, passwd, sasl_authzid and oauth_bearer. It does NOT compare FTP-specific options that materially change the authenticated identity of the connection: CURLOPT_FTP_ACCOUNT (STRING_FTP_ACCOUNT, sent as ACCT in lib/ftp.c:2578), CURLOPT_FTP_ALTERNATIVE_TO_USER (STRING_FTP_ALTERNATIVE_TO_USER, used as a fallback login in lib/ftp.c:2595), CURLOPT_USE_SSL level, and CURLOPT_FTP_SSL_CCC. Consequently a second transfer that changes any of these options is silently routed onto the previously authenticated FTP control channel and inherits the original session's privileges — an FTP authentication bypass.
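
The comparison gap described above, as an added C example: a simplified model, not curl's source. The struct, field and function names are hypothetical and the sample values are constructed; it contrasts a reuse check that looks only at user and password with one that also compares the four FTP options named above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a cached FTP connection's identity (hypothetical names). */
struct conn_ident {
  const char *user;
  const char *passwd;
  const char *ftp_account;          /* CURLOPT_FTP_ACCOUNT */
  const char *alternative_to_user;  /* CURLOPT_FTP_ALTERNATIVE_TO_USER */
  int use_ssl;                      /* CURLOPT_USE_SSL level */
  int ftp_ccc;                      /* CURLOPT_FTP_SSL_CCC */
};

/* NULL-safe string equality: an unset option only equals an unset option. */
static bool str_eq(const char *a, const char *b)
{
  if(!a || !b)
    return a == b;
  return strcmp(a, b) == 0;
}

/* Flawed check as the page describes it: user and password only
   (sasl_authzid and oauth_bearer are left out of this model). */
bool reuse_ok_flawed(const struct conn_ident *c, const struct conn_ident *w)
{
  return str_eq(c->user, w->user) && str_eq(c->passwd, w->passwd);
}

/* Strict check: every option that changes the authenticated identity or
   the protection level of the control channel must match as well. */
bool reuse_ok_strict(const struct conn_ident *c, const struct conn_ident *w)
{
  return reuse_ok_flawed(c, w) &&
         str_eq(c->ftp_account, w->ftp_account) &&
         str_eq(c->alternative_to_user, w->alternative_to_user) &&
         c->use_ssl == w->use_ssl &&
         c->ftp_ccc == w->ftp_ccc;
}

/* Constructed sample: a cached connection, then a transfer whose account differs. */
const struct conn_ident cached = { "alice", "pw", "acct-a", NULL, 0, 0 };
const struct conn_ident wanted = { "alice", "pw", "acct-b", NULL, 0, 0 };

int main(void)
{
  printf("flawed=%d ", reuse_ok_flawed(&cached, &wanted));
  printf("strict=%d\n", reuse_ok_strict(&cached, &wanted));
  return 0;
}
```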