pf: fixup af-to regression with match rules

pfctl should not infer the af-to behavior from the af/naf difference.
instead, we should be clear that this is an af-to rule. essentially
this change converts FOM_AFTO marker into a rule flag PFRULE_AFTO so
that we don't rely on ambiguous checks (like r->af != r->naf) when
setting things up.

positive review and comments from claudio, ok henning, sperreault

Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, fc302162c0
Sponsored by: Rubicon Communications, LLC ("Netgate")