ipfw: add additional handling for orphaned states

When parent rule of dynamic state is deleted and
net.inet.ip.fw.dyn_keep_states is enabled, dynamic states are kept
working and such states are called ORPHANED.
Orphaned states still keep pointer to original parent rule. And in
case when rule action is skipto this can lead to unpredictable
consequences. To avoid this problem add special handling for skipto
action when we have found ORPHANED state.
Check that new rule has the same opcode and skipto number for
O_SKIPTO rule action.

Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D51459