pf: limit extra SCTP states

For SCTP we create states for all combinations of endpoints, to allow multihoming to work.
Malicious users could abuse this to fill our state table more easily
than they otherwise could, because we create states between all
combinations of endpoints. Limit this to no more than 8 extra endpoints
for each side of the connection.

MFC after: 2 weeks
Sponsored by: Orange Business Services

(cherry picked from commit cd0169c9379c400ec75b77e87ca770e37f964276)