tcp: filter small SACK blocks

While the SACK Scoreboard in the base stack limits
the number of holes by default to only 128 per connection
in order to prevent CPU load attacks by splitting SACKs,
filtering out SACK blocks of unusually small size can
further improve the actual processing of SACK loss recovery.

Reviewed By: tuexen, transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D45075