wget convert.c write_backup_file underflows short filenames in .orig rewrite

In src/convert.c, write_backup_file() constructs a backup name for FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED by allocating filename_len + 1 bytes, copying the original file name, and then overwriting the last four bytes with "orig" via strcpy((filename_plus_orig_suffix + filename_len) - 4, "orig"). If the file name is shorter than four bytes, the destination pointer underflows before the allocated buffer, causing an out-of-bounds write on the stack. This is a memory-safety bug in the backup-file path for converted downloads.