Report

wget: FTP VMS listing parsing can overflow a fixed stack buffer in ftp_parse_vms_ls() via strcpy()

bf0e88bd-61b4-4c35-ba64-3e457db6fed2

In src/ftp-ls.c, ftp_parse_vms_ls() parses VMS FTP directory listing output and builds a date string in a fixed-size stack buffer, date_str[32]. When a token is classified as a Date (strlen(tok) < 12 and contains '-'), it is copied into date_str using strcpy(), and a space (' ') is then appended using strcat(), with no bounds checks on either call. The token content is attacker-controlled through malicious or untrusted listing output from an FTP server, so this can lead to stack memory corruption (buffer overflow).
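
One way to make the copy bounded at the point of use, shown as an added example that is not wget's code and not part of the original report. set_date_token() and DATE_STR_SIZE are hypothetical names and the sample tokens are constructed; the helper rejects a date token when the token, the trailing space and the terminator do not all fit in the 32-byte buffer, so the write is safe regardless of how the token was classified earlier.

```c
#include <stdio.h>
#include <string.h>

#define DATE_STR_SIZE 32  /* size of date_str given in the report */

/* Hypothetical helper (not a wget function): write "<tok> " into dst only
 * when the token, the trailing space and the NUL terminator all fit.
 * Returns 0 on success, -1 on rejection; dst is "" after a rejection. */
static int set_date_token(char *dst, size_t dstsz, const char *tok)
{
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (tok == NULL || strchr(tok, '-') == NULL)
        return -1;                      /* not a date-shaped token */

    /* snprintf never writes more than dstsz bytes and returns the length
     * the full result would have had, so truncation is detectable. */
    n = snprintf(dst, dstsz, "%s ", tok);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';                  /* discard the truncated copy */
        return -1;
    }
    return 0;
}

int main(void)
{
    char date_str[DATE_STR_SIZE];
    char oversized[65];

    /* Constructed sample tokens, not taken from a real server. */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[2] = '-';
    oversized[sizeof oversized - 1] = '\0';

    printf("normal:    %d \"%s\"\n",
           set_date_token(date_str, sizeof date_str, "15-JAN-2024"), date_str);
    printf("oversized: %d \"%s\"\n",
           set_date_token(date_str, sizeof date_str, oversized), date_str);
    return 0;
}
```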