pf: fix ICMP source address translation for nat64

While handling an ICMP error related to another state (e.g. TTL expired, port
closed, fragmentation needed, ...) we can't just use the state's source address
as the ICMP source address. We have to translate the IPv4 address back to an
IPv6 nat64 address.

Failing to do so breaks things like traceroute, where the intermediate router
generates an ICMP error message, and the traceroute tool uses the source address
to build the path.

Use the state's source address to figure out the prefix, and copy the IPv4 IP
address to the last bytes to construct the mapped IPv6 address.

PR: 284944
Sponsored by: Rubicon Communications, LLC ("Netgate")
In collaboration with: sashan <sashan@openbsd.org>, dac07517c7
Differential Revision: https://reviews.freebsd.org/D49143