
JENKINS-67479: Add test and fix for malicious job folder

Open krulls opened this issue 4 years ago • 0 comments

  • [x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • [x] Ensure that the pull request title represents the desired changelog entry
  • [x] Please describe what you did
  • [x] Link to relevant issues in GitHub or Jira
  • [x] Link to relevant pull requests, esp. upstream and downstream changes
  • [x] Ensure you have provided tests that demonstrate the feature works or the issue is fixed

Description

To fix JENKINS-67479 it is necessary to make sure that a config.xml file exists before it is copied over to the backup. While this is done in multiple places in (https://github.com/jenkinsci/thin-backup-plugin/blob/master/src/main/java/org/jvnet/hudson/plugins/thinbackup/backup/HudsonBackup.java), it is missing on line 227. The PR fixes this spot and also adds a specific file structure (that we've seen in our instance) to the test scenario.

Running the tests without the fix fails the build, which shows that the fix is necessary for a file system that shows this structure.

(Please ignore the issue key in the commit message, it stems from our internal ticket system)

krulls, Dec 31 '21 10:12
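
The guard described in the pull request above, as an added stand-alone example (not code from thin-backup-plugin or from the PR): a backup pass over job directories that checks for a regular `config.xml` before copying it. The class name, method name and the constructed directory layout (`build-app`, `leftover-dir`) are assumptions made for illustration; the file structure the author saw on their instance is not shown on the page.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.ArrayList;
import java.util.List;

// Hypothetical sketch; names here are not taken from thin-backup-plugin.
public class JobConfigBackup {
    static final String CONFIG_XML = "config.xml";

    // Copies <jobsDir>/<job>/config.xml to <backupDir>/<job>/config.xml.
    // Returns the names of job directories skipped because they contain
    // no regular config.xml file.
    static List<String> backupJobConfigs(Path jobsDir, Path backupDir) throws IOException {
        List<String> skipped = new ArrayList<>();
        try (DirectoryStream<Path> jobs = Files.newDirectoryStream(jobsDir, Files::isDirectory)) {
            for (Path job : jobs) {
                Path config = job.resolve(CONFIG_XML);
                // The guard: without it, Files.copy throws NoSuchFileException
                // for a directory that has no config.xml, and the exception
                // propagates out of this method instead of the run completing.
                if (!Files.isRegularFile(config)) {
                    skipped.add(job.getFileName().toString());
                    continue;
                }
                Path target = backupDir.resolve(job.getFileName().toString());
                Files.createDirectories(target);
                Files.copy(config, target.resolve(CONFIG_XML), StandardCopyOption.REPLACE_EXISTING);
            }
        }
        return skipped;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: one normal job and one directory under jobs/
        // that has sub-directories but no config.xml of its own.
        Path root = Files.createTempDirectory("jenkins-home");
        Path jobs = Files.createDirectories(root.resolve("jobs"));
        Path good = Files.createDirectories(jobs.resolve("build-app"));
        Files.writeString(good.resolve(CONFIG_XML), "<project/>");
        Files.createDirectories(jobs.resolve("leftover-dir").resolve("builds"));

        Path backup = Files.createDirectories(root.resolve("backup"));
        List<String> skipped = backupJobConfigs(jobs, backup);
        System.out.println("skipped: " + skipped);
        System.out.println("copied:  " + Files.exists(backup.resolve("build-app").resolve(CONFIG_XML)));
    }
}
```

Returning the skipped directory names lets the caller log them, so a job folder without a `config.xml` is visible in the backup log rather than silently absent from the backup.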