BUG/MAJOR: mux-h1: Fix zero-copy forwarding when sending chunks of unknown size

BUG/MAJOR: mux-h1: Fix zero-copy forwarding when sending chunks of unknown size

Commit 91b77c1632 ("MEDIUM: mux-h1: Support zero-copy forwarding for chunks with
an unknown size") was recently pushed but it contains 3 bugs. The first one is
during the nego. The extra size reserved for the CRLF at the end of the chunk
must not be added to the offset value. Indeed, the CRLF will be appended after
the data and not prepended to them.

The second one, still during the nego, is an integer overflow when the available
room in the output buffer is computed.

Finally, the last one is when the chunk itself is formatted. This part was
totally buggy if the output buffer was not empty at the beginning.

No backport needed.