Verified off-by-one OOB write in wget src/vms.c getpwuid fallback

The VMS getpwuid() fallback in wget writes a terminator at owner[length+1]='\0' where length is derived from owner[0] (counted-string semantics). If length==39 for a local buffer owner[40], this writes owner[40] (out of bounds). This can be used to corrupt stack memory; additionally strcpy() then copies from &owner[1] into fixed buffers without bounds checks.