Address issue pointed out in CVE-2020-25705

Add jitter to the ICMP bandwidth limit to deny a side-channel port scan.

Reviewed by: kp, philip, cy, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27354

(cherry picked from commit ca4cd20c4afeb68ae30c4cc1103280590a099fe7)