Fix yet another sed bug.

Fix yet another sed bug.

The s/// command would copy the \ of substitutions before deciding what to
do with them (generally overwriting the \ with the new data). When the
substitution was A) at the very end of the new string, B) resolved to nothing,
it could leave a trailing \ that didn't belong there and didn't get overwritten
because the "copy trailing data" part that copies the original string's null
terminator already happened before the \ overwrote it.

The ghostwheel() function restarts regexes after embedded NUL bytes, but
if the string it's passed is _longer_ than the length it's told then it
gets confused (and it means we're off the end of our allocation so segfaults
are likely).

Fix: test for \ first and move the "copy byte" logic into an else case.