CVE-2023-27534: SFTP path ~ resolving discrepancy
Severity: Low
Vulnerability Details
## Summary:
The libcurl function `Curl_getworkingpath` resolves a leading `~` in the path to the remote user's home directory. For the `sftp` protocol this routine does not behave as documented: the documentation states that `/~/` is converted to the remote user's home directory (*1), but the function only checks that the path starts with `/~` and then appends everything after the third character to the home directory, regardless of whether that third character is a `/`. The final path used for the `sftp` access can therefore differ from what the caller expects, which allows an attacker who controls part of the path to reach unintended locations on the remote system.
## Steps To Reproduce:
1. Access `sftp://host/~a../other/file`.
2. The remote path libcurl actually uses is `/home/user/../other/file`: the character following `~` (here `a`) is discarded and the remainder of the path is appended to the home directory.
Note that when the `~a..` path component is checked for path traversal under normal Unix path-resolution rules, it is **not** a parent-directory reference, so it passes any path sanitization that only rejects `..` components, while the path libcurl resolves it to does step out of the home directory. As an additional remark, in the regular Unix world `~user/` denotes another user's home directory, which `sftp` clearly does not support; this adds to the potential for confusion.
## Remediation
- In `Curl_getworkingpath`, convert `~` in `sftp` paths only when the path is exactly `/~` or begins with `/~/`. Paths of the form `/~<something>` should be rejected, or left unconverted and passed to the server as-is.
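The following C program is an added illustration, not code from this report or from curl itself. It models the two resolution rules side by side: the pre-fix rule as reconstructed from the reproduction steps above (check only that the path starts with `/~`, drop the third character, append the rest to the home directory) and the remediation proposed above (convert only `/~` or `/~/`, pass everything else through). It also includes a hypothetical application-side filter that rejects `..` components, to show that the report's URL path passes such a filter yet resolves to a parent-directory path. The home directory `/home/user`, the filter and the helper names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable strdup replacement (strdup is POSIX, not ISO C). */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if(d)
        memcpy(d, s, n);
    return d;
}

/* Shared tail of both resolvers: homedir + "/" + working_path[3..].
 * Assumes the caller has already decided the path starts with "/~".
 * Character index 2 is dropped whatever it is. Caller frees the result. */
static char *join_home(const char *homedir, const char *working_path)
{
    size_t hlen = strlen(homedir);
    size_t plen = strlen(working_path);
    char *real = malloc(hlen + plen + 1);
    if(!real)
        return NULL;
    memcpy(real, homedir, hlen);
    real[hlen] = '/';
    real[hlen + 1] = '\0';
    if(plen > 3)
        memcpy(real + hlen + 1, working_path + 3, plen - 3 + 1);
    return real;
}

/* Pre-fix behaviour as reconstructed from the report: only "/~" is
 * checked, so "/~a../x" becomes "<home>/../x". */
static char *resolve_sftp_path_buggy(const char *homedir, const char *working_path)
{
    size_t plen = strlen(working_path);
    if(plen > 1 && working_path[0] == '/' && working_path[1] == '~')
        return join_home(homedir, working_path);
    return dup_string(working_path);
}

/* Remediation from the report: convert only when the path is exactly "/~"
 * or starts with "/~/"; anything else is passed through untouched. */
static char *resolve_sftp_path_fixed(const char *homedir, const char *working_path)
{
    size_t plen = strlen(working_path);
    if(plen > 1 && working_path[0] == '/' && working_path[1] == '~' &&
       (plen == 2 || working_path[2] == '/'))
        return join_home(homedir, working_path);
    return dup_string(working_path);
}

/* Hypothetical application-side filter: returns 1 if any "/"-separated
 * component of the path is exactly "..", following ordinary Unix rules. */
static int has_parent_component(const char *path)
{
    const char *p = path;
    while(*p) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if(n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p = end ? end + 1 : p + n;
    }
    return 0;
}

int main(void)
{
    const char *home = "/home/user";            /* constructed sample */
    const char *url_path = "/~a../other/file";  /* path from the report */
    char *buggy = resolve_sftp_path_buggy(home, url_path);
    char *fixed = resolve_sftp_path_fixed(home, url_path);

    printf("filter rejects URL path : %d\n", has_parent_component(url_path));
    printf("pre-fix resolution      : %s (contains '..': %d)\n",
           buggy, has_parent_component(buggy));
    printf("post-fix resolution     : %s\n", fixed);
    free(buggy);
    free(fixed);
    return 0;
}
```

Running it shows the discrepancy the report describes: the filter accepts `/~a../other/file` because `~a..` is not a `..` component, the pre-fix resolver turns it into `/home/user/../other/file`, and the fixed resolver leaves the path untouched so the server sees exactly what the filter checked.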
## Supporting Material/References:
1) https://everything.curl.dev/usingcurl/scpsftp
## Impact
Bypass of application-implemented path filtering: a path that contains no `..` component under normal Unix parsing is resolved by libcurl into one that does.
## Report Stats
- Report ID: 1892351
- State: Closed
- Substate: resolved
- Upvotes: 3