curl: libcurl 8.20.0 incomplete fix for CVE-2026-7168: changing only CURLOPT_PROXYPORT leaks stale Proxy Digest auth to a different proxy

Summary: I found an incomplete-fix variant of CVE-2026-7168 in curl 8.20.0. The 8.20.0 fix clears state.proxydigest / state.authproxy when CURLOPTPROXY changes, but not when only CURLOPTPROXYPORT changes. On the same easy handle, request 1 through proxyA CURLOPTPROXYPORT=18197 learns Proxy Digest...