pf: avoid use-after-free on reassembly

Ensure we update the mbuf pointer returned by pf_normalize_ip() or
pf_normalize_ip6() even if they fail.
Otherwise we'd risk using a freed mbuf.

PR: 283705
Reported by: Yichen Chai <yichen.chai@gmail.com>, Zhuo Ying Jiang Li <zyj20@cl.cam.ac.uk>
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 5d28f4cab8d5919aba1365e885a91a96c0655b59)