pf: verify SCTP v_tag before updating connection state

Make it harder to manipulate the firewall state by verifying the v tag before we
update states.

MFC after: 2 weeks
Sponsored by: Orange Business Services

(cherry picked from commit 4713d2fd5663eb64aa582dabced21d253c901a66)