pf: Do not allow negative ps_len in DIOCGETSTATES

Description

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com
Reviewed by: lutz at donnerhacke.de
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24447
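
The check the commit message describes, as an added user-space example that is not the FreeBSD source: a handler that treats any `ps_len <= 0` as a size query before the length can reach an allocator. Only the field name `ps_len` comes from the commit; `state_rec`, `get_states_req`, `ps_buf`, `get_states` and the sample table are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: only the field name ps_len comes from the commit. */
struct state_rec { unsigned id; };

struct get_states_req {
    int ps_len;                /* signed byte count supplied by the caller */
    struct state_rec *ps_buf;  /* caller's output buffer */
};

/* Constructed sample data standing in for the live state table. */
static const struct state_rec state_table[] = { {1}, {2}, {3} };
#define STATE_COUNT (sizeof(state_table) / sizeof(state_table[0]))

/* Returns 0 on success, -1 on error; ps_len is updated to the bytes used or needed. */
int get_states(struct get_states_req *req)
{
    /* Size query. Testing "== 0" only would let a negative value reach
     * malloc(), where the int converts to an enormous size_t. */
    if (req->ps_len <= 0) {
        req->ps_len = (int)(STATE_COUNT * sizeof(struct state_rec));
        return 0;
    }
    /* ps_len is positive from here on, so the cast cannot wrap. */
    size_t n = (size_t)req->ps_len / sizeof(struct state_rec);
    if (n > STATE_COUNT)
        n = STATE_COUNT;
    size_t bytes = n * sizeof(struct state_rec);
    if (n > 0) {
        if (req->ps_buf == NULL)
            return -1;
        struct state_rec *staging = malloc(bytes);
        if (staging == NULL)
            return -1;
        memcpy(staging, state_table, bytes);
        memcpy(req->ps_buf, staging, bytes);  /* stands in for the copy to user space */
        free(staging);
    }
    req->ps_len = (int)bytes;
    return 0;
}

int main(void)
{
    struct get_states_req req = { -1, NULL };  /* constructed negative input */
    return get_states(&req);
}
```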

Details

Provenance
kp authored on Apr 17 2020, 2:35 PM
Parents
rG4e49fbcd3721: jail(8): improve manual and usage information with more clear