pf: fix sctp deadlock

It is possible for pf_test_state_sctp() to find a state and still return
PF_DROP (or not PF_PASS, to be exact). In that case we would run pf_test_rule()
unconditionally, but this would overwrite the (locked!) state pointer
pf_test_state_sctp() gave us. As a result we will later deadlock, trying the
lock the already locked state.

Do what we do for UDP and TCP, and explicitly check s for NULL before we run
pf_test_rule().

MFC after: 1 week
Sponsored by: Orange Business Services

(cherry picked from commit a9639adaedb4d67340c4ae386fe8fcd18e4a8a21)