security: replace strcpy with memcpy in alsa_id_decode

Memory Safety: Low

alsa_id_decode() uses strcpy() to copy into a caller-provided buffer
without knowing its size. Although all current callers allocate the
buffer correctly (via alloca(strlen(src) + 1) or with a pre-validated
fixed buffer), the function signature does not encode this requirement.
Replace strcpy with memcpy using the known source length to make the
bounded copy explicit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

spa/plugins/alsa/acp/alsa-mixer.c

@@ -63,6 +63,7 @@ char *pa_alsa_mixer_id_to_string(char *dst, size_t dst_len, pa_alsa_mixer_id *id
 }
 
 static int alsa_id_decode(const char *src, char *name, int *index) {
+    size_t src_len = strlen(src);
     char *idx, c;
     int i;
 
@@ -70,7 +71,7 @@ static int alsa_id_decode(const char *src, char *name, int *index) {
     c = src[0];
     /* Strip quotes in entries such as 'Speaker',1 or "Speaker",1 */
     if (c == '\'' || c == '"') {
-        strcpy(name, src + 1);
+        memcpy(name, src + 1, src_len);
         for (i = 0; name[i] != '\0' && name[i] != c; i++);
         idx = NULL;
         if (name[i]) {
@@ -78,7 +79,7 @@ static int alsa_id_decode(const char *src, char *name, int *index) {
                 idx = strchr(name + i + 1, ',');
         }
     } else {
-        strcpy(name, src);
+        memcpy(name, src, src_len + 1);
         idx = strchr(name, ',');
     }
     if (idx == NULL)