pf: Add modern NAT syntax

Description

Now that pfctl has separate functions for parsing redirection pools and
ports, we can finally add support for nat-to and rdr-to filter_opts.
NAT and RDR actions are marked by having the respective pools filled in.

Function pf_rule_apply_nat() is responsible for both NAT/RDR and af-to
address translations. It is called both for match rules and the final
pass rule.

Use FreeBSD's original address translation code by splitting it into
pf_translate_compat(). Call this function for old-style NAT ruleset
and for modern NAT rules via pf_rule_apply_nat().

Initialize pfctl_rule's redirection pools on rule allocation, also for
code paths not using expand_rule(), so that they can be safely checked
for being empty in filter_consistent().

Move map-e NAT test to nat.sh for convenience, duplicate critical NAT
tests into _compat (for old-style NAT ruleset) and _pass (for match/
pass) variants.

Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D49221
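
For orientation, here is the same translation policy written in both styles the commit message refers to. This is an added example, not taken from the commit or its tests. The interface name, addresses and ports are constructed, and the nat-to/rdr-to lines assume the new filter options take the same form as in OpenBSD's pf.conf.

```conf
# Added illustration, not part of the commit.
# Constructed sample values: em0, 10.0.0.0/24, 10.0.0.10, ports 80/8080.
ext_if  = "em0"
lan_net = "10.0.0.0/24"
web     = "10.0.0.10"

# ---- Variant A: old-style NAT ruleset ----
# Translation lives in dedicated nat/rdr rules, separate from filtering.
# Per the commit message, this path is handled by pf_translate_compat().
nat on $ext_if inet from $lan_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web port 8080

# The filter rules that admit the traffic are written separately.
pass out on $ext_if inet
pass in  on $ext_if inet proto tcp from any to $web port 8080

# ---- Variant B: modern syntax (use instead of A, one variant per file) ----
# Translation is an option on a match or pass rule (assumed OpenBSD form).
# Per the commit message, pf_rule_apply_nat() runs for match rules and for
# the final pass rule.

# nat-to on a match rule; a later pass rule decides whether traffic leaves.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)
pass  out on $ext_if inet

# rdr-to on the pass rule itself: one rule both admits and redirects.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    rdr-to $web port 8080
```

`pfctl -nf <file>` parses a ruleset without loading it, which is a quick way to confirm that each variant is accepted by the installed pfctl before it goes anywhere near a live firewall.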

Details

Provenance
vegeta_tuxpowered.net authored on Mar 3 2025, 4:57 PM
Reviewer
kp
Parents
rG74a9aac40e42: du: General cleanup and style(9)