pf: use counter_rate() for rate checking

This has the advantage of not requiring a lock. The current src node code runs
the rate check under a lock, so this won't immediately improve performance.
This prepares the way for future work, introducing packet rate matching on
rules, where the lack of lock will be important.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D50797