
Fix use after free bug when using += (re: 75796a9c) (#466)

The previous fix for the += operator introduced a use-after-free
bug that could result in a variable pointing to random garbage:
   $ foo=bar
   $ foo+=_foo true
   $ typeset -p foo
   foo=V V
The use after free issue occurs because when nv_clone creates a
copy of $foo in the true command's invocation-local scope, it does
not duplicate the string $foo points to. As a result, the $foo
variable in the parent scope points to the same string as $foo in
the invocation-local scope, which causes the use after free bug
when the cloned $foo variable is freed from memory.

src/cmd/ksh93/sh/nvdisc.c:
- To fix the use after free bug, allow nv_clone to duplicate the
  string with memdup or strdup when no flags are passed.

src/cmd/ksh93/tests/variables.sh:
- Add a regression test for using the += operator with regular
  commands.

src/cmd/ksh93/tests/leaks.sh:
- Add a regression test to ensure the bugfix doesn't introduce any
  memory leaks.
Johnothan King 2022-02-19 12:55:35 -08:00 committed by Martijn Dekker
parent bc6c5dbdd9
commit e87dbebebd
5 changed files with 36 additions and 4 deletions

NEWS

@ -3,7 +3,13 @@ For full details, see the git log at: https://github.com/ksh93/ksh/tree/1.0
Any uppercase BUG_* names are modernish shell bug IDs.
2022-01-17:
2022-02-18:
- Fixed a regression introduced on 2021-04-11 that caused the += operator in
invocation-local assignments to crash the shell or modify variables outside
of the invocation-local scope.
2022-02-17:
- Fixed a crash, introduced on 2021-01-19, that occurred when using 'cd' in
a subshell with the PWD variable unset.
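Review bot: the new NEWS entry and the commit message describe the bug differently: the entry says the += regression could "crash the shell or modify variables outside of the invocation-local scope", while the commit message describes a use-after-free that leaves the variable holding garbage ("foo=V V"); the two should be aligned so readers of NEWS recognise the symptom. The entry also dates the regression by "2021-04-11" where the commit message cites 75796a9c; quoting the hash in NEWS as well would make the two records cross-check. Separately, this hunk replaces the "2022-01-17:" heading with "2022-02-18:" and "2022-02-17:", which reads as a date correction to an existing entry that the commit message does not mention.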
@ -11,7 +17,7 @@ Any uppercase BUG_* names are modernish shell bug IDs.
- Fixed a crash that could occur when or after entering the suspend character
(Ctrl+Z) while the shell was blocked trying to write to a FIFO special file.
2022-01-16:
2022-02-16:
- Backported minor additions to the 'read' built-in command from ksh 93v-:
'-a' is now the same as '-A' and '-u p' is the same as '-p'. This is for
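Review bot: the only change in this hunk is the heading "2022-01-16:" becoming "2022-02-16:", a date correction unrelated to the += fix and absent from the commit message, which lists only nvdisc.c, variables.sh and leaks.sh. Either mention the NEWS date fixes in the message or land them as a separate commit so the history for this bugfix stays self-describing.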