pf: be more strict about IPv6 fragments

Description

pf: be more strict about IPv6 fragments

Follow RFC 5722 more strictly when handling overlapping fragments
in pf. Drop the whole fragment state if IPv6 fragments appear which
have invalid length or fragment-offset or more-fragment-bit. In
IPv4 they are considered invalid and just dropped like before.
Found by Antonios Atlasis; OK sashan@ sthen@

Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, f0f63321f2
Sponsored by: Rubicon Communications, LLC ("Netgate")
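
The policy the commit message describes, as an added example: a simplified C model, not pf's code or the OpenBSD change. All names (fragq, frag_insert, reject) are hypothetical, and what counts as "invalid" here is an assumption drawn from RFC 5722 and RFC 8200; the model also treats exact duplicates as overlaps.

```c
#include <stdint.h>
#include <string.h>

#define MAX_FRAGS 16
enum verdict { FRAG_QUEUED, FRAG_DROP_ONE, FRAG_DROP_ALL };

struct frag { uint32_t off, len; };   /* byte offset and payload length */
struct fragq {                        /* hypothetical per-datagram reassembly state */
    struct frag f[MAX_FRAGS];
    int n, have_last;                 /* have_last: a fragment with MF=0 was seen */
    uint32_t total;                   /* datagram end fixed by that final fragment */
};

static enum verdict reject(struct fragq *q, int ipv6)
{
    if (!ipv6)
        return FRAG_DROP_ONE;         /* IPv4: drop only the offending fragment */
    memset(q, 0, sizeof(*q));         /* IPv6: discard the whole fragment state */
    return FRAG_DROP_ALL;
}

enum verdict frag_insert(struct fragq *q, int ipv6, uint32_t off, uint32_t len, int mf)
{
    uint32_t end = off + len;
    int i;

    /* Invalid length: empty, not a multiple of 8 while MF is set, or past 65535. */
    if (len == 0 || (mf && (len & 7)) || end > 65535)
        return reject(q, ipv6);
    /* Invalid offset or MF bit: contradicts the final fragment already seen. */
    if (q->have_last && (end > q->total || (!mf && end != q->total)))
        return reject(q, ipv6);
    for (i = 0; i < q->n; i++) {
        uint32_t qend = q->f[i].off + q->f[i].len;
        /* A final fragment ending before queued data, or any overlap (RFC 5722). */
        if ((!mf && qend > end) || (off < qend && q->f[i].off < end))
            return reject(q, ipv6);
    }
    if (q->n == MAX_FRAGS)
        return reject(q, ipv6);
    q->f[q->n++] = (struct frag){ off, len };
    if (!mf) { q->have_last = 1; q->total = end; }
    return FRAG_QUEUED;
}

int main(void)
{
    struct fragq q = {0};   /* constructed input: second fragment overlaps the first */
    return frag_insert(&q, 1, 0, 8, 1) != FRAG_QUEUED || frag_insert(&q, 1, 4, 8, 1) != FRAG_DROP_ALL;
}
```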

Details

Provenance
kp authored on Thu, May 8, 2:52 PM
Parents
rG93b82146c43b: LinuxKPI: add ktime_get_boottime_seconds()
Branches
Unknown
Tags
Unknown