Report

wget: potential TOCTOU race when updating symlinks during FTP retrieval

a972182a-8b3d-4b56-94dd-33fec19d2da0

In [REDACTED], when handling remote symbolic links ([REDACTED]) with opt.retr_symlinks disabled, wget creates the local symlink by first calling lstat() on the existing path, reading its current link target with readlink(), and then calling unlink([REDACTED]) followed by symlink(). This sequence is a TOCTOU race: an attacker who can replace [REDACTED] between the lstat()/readlink() check and the unlink()/symlink() operations can redirect where the symlink is written. The unlink() is also a plain path-based call rather than part of an atomic, file-descriptor-based approach.
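One way to close this window, shown here as an added example in C that is not wget's code (the function name and the temporary-name scheme are assumptions): pin the download directory with a file descriptor, create the new link under a private name, and rename it over the old entry atomically, so the existing path never needs to be inspected with lstat()/readlink() and then unlink()'d.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper (not wget's code): make `dir/name` a symlink to
 * `target`, replacing any existing non-directory entry of that name.
 * Returns 0 on success, -1 with errno set.
 * `dir` is opened once and every later step is relative to that fd, so
 * swapping the directory for a symlink mid-operation cannot redirect the
 * write. The old entry is never lstat()'d, readlink()'d or unlink()'d: the
 * new link is created under a private name and renameat() swaps it into
 * place in one atomic step, leaving no check-to-use window.
 */
int replace_symlink_atomic(const char *dir, const char *name, const char *target)
{
    char tmp[256];

    /* Only a bare file name is accepted; '/' or "."/".." could leave `dir`. */
    if (*name == '\0' || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..")) {
        errno = EINVAL;
        return -1;
    }
    if (snprintf(tmp, sizeof tmp, ".%s.%ld.tmp", name, (long)getpid()) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* Pin the directory; O_NOFOLLOW refuses a `dir` that is itself a symlink. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;

    (void)unlinkat(dfd, tmp, 0);   /* clear a stale temp name from an earlier crash */
    if (symlinkat(target, dfd, tmp) != 0 || renameat(dfd, tmp, dfd, name) != 0) {
        int saved = errno;         /* e.g. EISDIR: rename will not clobber a directory */
        (void)unlinkat(dfd, tmp, 0);
        close(dfd);
        errno = saved;
        return -1;
    }
    close(dfd);
    return 0;
}
```

Because rename(2) refuses to replace a directory with a non-directory, an existing directory at the target name is left intact and the call fails instead of clobbering it.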