pf: Add code to enable filtering for locally delivered packets

This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use:

sysctl net.pf.filter_local=1
service pf restart

PR: 268717
Reviewed-by: kp
MFC-after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40373