Fix manual host key validation.

When the user tries to add a string to the CONF_ssh_manual_hostkeys
list box, we call a validation function which is supposed to look
along the string for either a valid-looking SSH key fingerprint, or a
base64 public key blob, and after it finds it, move that key alone to
the start of the input string and delete all the surrounding cruft.

SHA-256 key fingerprints were being detected all right, but not moved
to the start of the string sensibly - we just returned true without
rewriting anything. (Probably inadequate testing when I added SHA-256
fairly recently.)

And the code that moved a full public-key blob to the front of the
string triggered an ASan error on the grounds that it used strcpy with
the source and destination overlapping. I actually hadn't known that
was supposed to be a bad thing these days! But it's easily fixed by
making it a memmove instead.

utils/validate_manual_hostkey.c

@@ -38,8 +38,11 @@ bool validate_manual_hostkey(char *key)
         if (strstartswith(q, "SHA256:")) {
             /* Test for a valid SHA256 key fingerprint. */
             r = q + 7;
-            if (strlen(r) == 43 && r[strspn(r, BASE64_CHARS_NOEQ)] == 0)
+            if (strspn(r, BASE64_CHARS_NOEQ) == 43) {
+                memmove(key, q, 50); /* 7-char prefix + 43-char base64 */
+                key[50] = '\0';
                 return true;
+            }
         }
 
         r = q;
@@ -106,7 +109,9 @@ bool validate_manual_hostkey(char *key)
             if (strlen(q) < minlen)
                 goto not_ssh2_blob;    /* sorry */
 
-            strcpy(key, q);
+            size_t base64_len = strspn(q, BASE64_CHARS_ALL);
+            memmove(key, q, base64_len);
+            key[base64_len] = '\0';
             return true;
         }
       not_ssh2_blob:;