pf: don't use state keys after pf_state_insert()

pf_state_insert() may free the state keys, it's not safe to access these
pointers after the call.

Introduce osrc/odst (similar to osport/odport) to store the original source and
destination addresses. This allows us to undo NAT transformations without having
to access the state keys.

Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49551

(cherry picked from commit bdea9cbcf2decafeb4da5a0280313efccc09e1b3)