Report

Guard in-place .orig rewrite in convert.c to avoid pointer underflow

cf733a54-0400-48df-97a3-79f57f38f33a

Wget's link conversion code builds a backup filename in write_backup_file() by allocating filename_len + 1 for the HTML-extension case and then writing "orig" at (filename_plus_orig_suffix + filename_len) - 4. This assumes the file name already ends in ".html" and is at least four bytes long. If the code is ever reached with a shorter or differently shaped path, the pointer arithmetic can underflow the intended buffer region and corrupt adjacent stack memory.
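A guarded version of the rewrite described above, as an added example that is not wget's code or the fix from this report. The function name `backup_name`, the `html_ext_added` flag, the caller-supplied buffer and the choice to fall back to appending ".orig" are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { BK_ERR = -1, BK_REWRITTEN = 1, BK_APPENDED = 2 };

/* Hypothetical helper (not wget's write_backup_file): build the backup name
   for `file` in `out`. `html_ext_added` stands for the HTML-extension case.
   The unguarded form of that case is, in effect,
       strcpy(buf + len - 4, "orig");
   which lands before `buf` whenever len < 4. */
int backup_name(const char *file, int html_ext_added, char *out, size_t cap)
{
    size_t len = strlen(file);

    /* Guard: overwrite in place only if the name really ends in ".html",
       which also guarantees len >= 5, so len - 4 cannot wrap. */
    if (html_ext_added && len >= 5 && memcmp(file + len - 5, ".html", 5) == 0) {
        if (cap < len + 1)
            return BK_ERR;
        memcpy(out, file, len - 4);          /* keep "name."        */
        memcpy(out + len - 4, "orig", 5);    /* "orig" plus the NUL */
        return BK_REWRITTEN;
    }

    /* Fallback chosen for this example: append ".orig" (6 bytes with NUL). */
    if (cap < len + 6)
        return BK_ERR;
    memcpy(out, file, len);
    memcpy(out + len, ".orig", 6);
    return BK_APPENDED;
}

int main(void)
{
    /* Constructed sample names, including ones the in-place path must reject. */
    const char *names[] = { "index.html", "a", "", "xhtml", ".html" };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = backup_name(names[i], 1, buf, sizeof buf);
        printf("%-12s rc=%d -> %s\n", names[i], rc, rc > 0 ? buf : "(rejected)");
    }
    return 0;
}
```

Names shorter than five bytes, or five bytes long without the ".html" suffix, never reach the `len - 4` arithmetic and take the append path instead.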
