pf: allow ICMP messages related to an SCTP state to pass

Much like we already do for TCP and UDP we should also parse SCTP-in-ICMP
messages to see if they apply to an SCTP connection we've already allowed. If so
we should allow the ICMP packet to pass, even if we'd otherwise block it.

Add a test case where we generate an 'ICMP unreachable - need to frag' packet
and check that it passes through pf.

MFC after: 2 weeks
Sponsored by: Orange Business Services

(cherry picked from commit 7d5e02b01577047290e937399accc02e6b184ce9)