Report
Wget GnuTLS CA directory scanning can alloca an attacker-influenced length
cea6b34d-8928-4f69-93a7-a3d0499bde57
During ssl_init(), the GnuTLS backend scans CA certificates in a directory and computes ca_file_length = dirlen + strlen(dent->d_name) + 2, then immediately calls alloca(ca_file_length) and fills the buffer with snprintf. The filename comes from readdir() and is attacker-influenced if the CA directory is user-provided or otherwise contains unexpectedly long entries. Because the buffer is allocated on the stack and its length is never sanity-checked, a very large directory entry name can trigger stack exhaustion or dynamic-stack-buffer-overflow behavior before the file is even stat()'d.
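One way to keep the directory scan from sizing a stack allocation from d_name, shown as an added example that is not Wget's code or its fix. The names join_ca_path, scan_ca_dir and CA_PATH_MAX, and the 4096-byte bound, are assumptions made for illustration.

```c
/* Added example: bounded path construction for a CA-directory scan.
   join_ca_path, scan_ca_dir and CA_PATH_MAX are hypothetical names. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define CA_PATH_MAX 4096  /* assumed upper bound; not taken from Wget */

/* Write "dir/name" into out. Returns 0 on success, -1 if the result
   (including the NUL) would not fit in outsz bytes. */
static int join_ca_path(const char *dir, const char *name,
                        char *out, size_t outsz)
{
    size_t dirlen = strlen(dir), namelen = strlen(name);

    /* Compare each term with the remaining space so the sum cannot wrap. */
    if (outsz < 2 || dirlen > outsz - 2 || namelen > outsz - 2 - dirlen)
        return -1;
    snprintf(out, outsz, "%s/%s", dir, name);
    return 0;
}

/* Count regular files in dir whose full path fits the bound.
   Over-long entries are skipped instead of driving a stack allocation.
   Returns -1 if the directory cannot be opened. */
static int scan_ca_dir(const char *dir, int *skipped)
{
    char path[CA_PATH_MAX];        /* fixed size, independent of d_name */
    struct dirent *dent;
    struct stat st;
    int found = 0;
    DIR *d = opendir(dir);

    if (d == NULL)
        return -1;
    *skipped = 0;
    while ((dent = readdir(d)) != NULL) {
        if (join_ca_path(dir, dent->d_name, path, sizeof path) != 0) {
            (*skipped)++;          /* length rejected before any use */
            continue;
        }
        if (stat(path, &st) == 0 && S_ISREG(st.st_mode))
            found++;               /* a real loader would parse the file here */
    }
    closedir(d);
    return found;
}
```

A heap allocation with a checked size would serve equally well; the point is that the length derived from readdir() is validated before it determines how much memory is used.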