pf: default syncookies to adaptive mode

The cost of enabling syncookies in adaptive mode is very low (basically
a single atomic add when we create a new half-open state), and the
payoff when under SYN flood is huge.

So, enable adaptive mode by default.

Suggested by: Eirik Øverby