Report

wget: possible stack buffer overflow in NTLM base64 decode allocation

c56c840c-0bee-4b16-8dca-c502faf86548

In src/http-ntlm.c, ntlm_input() allocates a stack buffer with alloca(strlen(header)) and then calls wget_base64_decode(header, buffer). If wget_base64_decode() writes decoded bytes and the decoded size can exceed strlen(header), the write can overflow the stack buffer. The path is reachable when wget parses a type-2 NTLM message from a server: the base64 input is controlled by the remote side through HTTP headers, and nonce bytes are then copied out of the decoded buffer.
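A hardened form of the pattern described above, as an added example that is not wget's code: the decoder takes an explicit output capacity and the nonce is copied only after the decoded length is checked. The names bounded_b64_decode, extract_type2_nonce and TYPE2_MAX are hypothetical; the nonce position (8 bytes at offset 24) is taken from the NTLM type-2 message layout.

```c
#include <stddef.h>
#include <string.h>

#define TYPE2_MAX 1024   /* assumed upper bound on a decoded type-2 message */
#define NONCE_OFF 24     /* server challenge offset in an NTLM type-2 message */
#define NONCE_LEN 8

static int b64val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Hypothetical decoder (not wget_base64_decode): writes at most cap bytes.
   Returns the decoded length, or -1 on malformed input or if out is too small. */
long bounded_b64_decode(const char *in, unsigned char *out, size_t cap)
{
    size_t n = 0;
    unsigned acc = 0;
    int bits = 0;

    for (; *in && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;          /* refuse instead of overflowing */
            out[n++] = (unsigned char)((acc >> bits) & 0xFFu);
        }
    }
    for (; *in; in++)                         /* only padding may follow */
        if (*in != '=') return -1;
    return (long)n;
}

/* Copies the 8-byte nonce only if the decoded message really contains it. */
int extract_type2_nonce(const char *b64, unsigned char nonce[NONCE_LEN])
{
    unsigned char buf[TYPE2_MAX];             /* fixed size, not alloca(strlen) */
    long size = bounded_b64_decode(b64, buf, sizeof buf);

    if (size < NONCE_OFF + NONCE_LEN) return -1;
    memcpy(nonce, buf + NONCE_OFF, NONCE_LEN);
    return 0;
}
```

Passing the buffer capacity into the decoder makes the bound independent of any assumption about how decoded size relates to strlen(header).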
