pscp: extra security check in SCP mode.

When you don't specify -r, we now check whether the server is sending
a whole subdirectory in place of a single file, and abort if it does.
Previously we'd accept the subdirectory download regardless.

The new error message labels this as a security violation, just on the
grounds that it involves the server doing something other than what
the implicit contract suggested it ought to, but I don't think it's a
really serious violation in the same sense as letting the server cd
into ".." or overwrite files of arbitrary name would be. In this case
it can only leave a downloaded thing in the specific place you already
authorised it to put _some_ downloaded thing - it's just returned you
a directory in place of a file.

pscp.c

@@ -1456,6 +1456,10 @@ int scp_get_sink_action(struct scp_sink_action *act)
 	      case 'C':
 	      case 'D':
 		act->action = (action == 'C' ? SCP_SINK_FILE : SCP_SINK_DIR);
+                if (act->action == SCP_SINK_DIR && !recursive) {
+                    bump("security violation: remote host attempted to create "
+                         "a subdirectory in a non-recursive copy!");
+                }
 		break;
 	      default:
 		bump("Protocol error: Expected control record");