Record dependency on the newly introduced pfsync.

Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)

Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.

Discussed with: mlaier on -pf
MFC after: 5 days