LibWeb: Fix off-by-one in HTMLTokenizer::restore_to()

The difference should be between m_utf8_iterator and the
the new position, if m_prev_utf8_iterator is used one fewer
source position is popped than required.

This issue was not apparent on most pages since restore_to
used for tokens such  <!doctype> that are normally
followed by a newline that resets the column to zero,
but it can be seen on pages with minified HTML.

Userland/Libraries/LibWeb/HTML/Parser/HTMLTokenizer.cpp

@@ -2726,8 +2726,7 @@ bool HTMLTokenizer::consumed_as_part_of_an_attribute() const
 
 void HTMLTokenizer::restore_to(Utf8CodePointIterator const& new_iterator)
 {
-    if (new_iterator != m_prev_utf8_iterator) {
+    auto diff = m_utf8_iterator - new_iterator;
-        auto diff = m_prev_utf8_iterator - new_iterator;
     if (diff > 0) {
         for (ssize_t i = 0; i < diff; ++i)
             m_source_positions.take_last();
@@ -2735,7 +2734,6 @@ void HTMLTokenizer::restore_to(Utf8CodePointIterator const& new_iterator)
         // Going forwards...?
         TODO();
     }
-    }
     m_utf8_iterator = new_iterator;
 }