Report

Wget write_backup_file stack underflow is reachable from HTTP extension handling

8e8041d6-8196-4794-91ff-b1ea9833a9ea

The .orig backup construction bug in src/convert.c is reachable from the HTTP download path. When src/http.c adds an .html suffix under ADDED_HTML_EXTENSION, it marks the download as FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED. Later convert_links() calls downloaded_file(CHECK_FOR_FILE, file) and, if backup_converted is enabled, write_backup_file() uses the special HTML-extension branch. That branch allocates filename_len + 1 bytes with alloca() and then writes 'orig' at filename + len - 4 without checking the suffix length. This is a stack write before the start of the allocated object for short local names and can corrupt adjacent stack memory.
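A bounds-checked way to build the backup name, as an added example that is not wget's code or the project's fix. The function name, the heap allocation in place of alloca(), and the fallback of appending ".orig" when the suffix is absent are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not wget's code. Builds the backup name for a local
   file whose ".html" suffix was added at download time.
   Unchecked pattern described in the report:
     buf = alloca(len + 1); strcpy(buf, file); strcpy(buf + len - 4, "orig");
   When len < 4, buf + len - 4 points before buf, so the write lands outside
   the allocation. Here the suffix is verified before anything is replaced.
   Returns a malloc'd string the caller frees, or NULL on allocation failure. */
char *backup_name_html_added(const char *file)
{
    static const char suffix[] = ".html";   /* assumed added suffix */
    const size_t slen = sizeof suffix - 1;  /* 5 */
    size_t len = strlen(file);
    char *out;

    if (len >= slen && memcmp(file + len - slen, suffix, slen) == 0) {
        /* Suffix confirmed: "name.html" -> "name.orig", same length. */
        out = malloc(len + 1);
        if (out == NULL)
            return NULL;
        memcpy(out, file, len - 4);
        memcpy(out + len - 4, "orig", 5);   /* 4 chars plus the NUL */
        return out;
    }
    /* Suffix missing or name too short: append instead of overwriting. */
    out = malloc(len + sizeof ".orig");
    if (out == NULL)
        return NULL;
    memcpy(out, file, len);
    memcpy(out + len, ".orig", sizeof ".orig");
    return out;
}

int main(void)
{
    const char *names[] = { "index.html", "a", "", "x.htm" }; /* constructed */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *b = backup_name_html_added(names[i]);
        printf("'%s' -> '%s'\n", names[i], b ? b : "(null)");
        free(b);
    }
    return 0;
}
```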
