LibWeb: Prevent OOB access in HTMLEncodingDetection for input of '</'

Previously, this never checked if `position + 2` was valid. This
slightly reorders the loop so all indices are checked.

Fixes SerenityOS#22163

Tests/LibWeb/Layout/expected/incomplete-input-no-newline-at-eof-should-not-crash.txt

@@ -0,0 +1,12 @@
+Viewport <#document> at (0,0) content-size 800x600 children: not-inline
+ BlockContainer <html> at (0,0) content-size 800x600 [BFC] children: not-inline
+ BlockContainer <body> at (8,8) content-size 784x17.46875 children: inline
+ line 0 width: 14.65625, height: 17.46875, bottom: 17.46875, baseline: 13.53125
+ frag 0 from TextNode start: 0, length: 2, rect: [8,8 14.65625x17.46875]
+ "</"
+ TextNode <#text>
+
+ViewportPaintable (Viewport<#document>) [0,0 800x600]
+ PaintableWithLines (BlockContainer<HTML>) [0,0 800x600]
+ PaintableWithLines (BlockContainer<BODY>) [8,8 784x17.46875]
+ TextPaintable (TextNode<#text>)

Tests/LibWeb/Layout/input/incomplete-input-no-newline-at-eof-should-not-crash.html

@@ -0,0 +1 @@
+</

Userland/Libraries/LibWeb/HTML/Parser/HTMLEncodingDetection.cpp

@@ -321,12 +321,12 @@ Optional<ByteString> run_prescan_byte_stream_algorithm(DOM::Document& document,
  prescan_skip_whitespace_and_slashes(input, position);
  while (prescan_get_attribute(document, input, position)) { };
  } else if (!prescan_should_abort(input, position + 1) && input[position] == '<' && (input[position + 1] == '!' || input[position + 1] == '/' || input[position + 1] == '?')) {
- position += 2;
- while (input[position] != '>') {
- ++position;
+ position += 1;
+ do {
+ position += 1;
  if (prescan_should_abort(input, position))
  return {};
- }
+ } while (input[position] != '>');
  } else {
  // Do nothing.
  }