pf: move pf_change_icmp_af() call for TCP/UDP in ICMP

The checksum of a ICMP "need to frag" packet for TCP was wrong when
created from a ICMP6 "too big" packet. The function pf_change_icmp_af()
has code to adjust the pseudo-header checksum in the ICMP6 case,
but pf_test_state_icmp() changed the proto before the case was
entered.
So call pf_change_icmp_af() before the pd->proto is converted in
the TCP and UDP payload case like it was already done for ICMP and
ICMP6 payload.
Found by sys/net/pf_forward regress test; OK henning@

Note that we fully recalculate ICMP checksums in pf_translate_af(), so this does
not result in any functional changes on FreeBSD. It is imported to reduce the
diff with OpenBSD.

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 50188ace62
Sponsored by: Rubicon Communications, LLC ("Netgate")