MFC r332404 (kp):
pf: limit ioctl to a reasonable and tuneable number of elements

pf ioctls frequently take a variable number of elements as argument.
This can potentially allow users to request very large allocations.
These will fail, but even a failing M_NOWAIT might tie up resources
and result in concurrent M_WAITOK allocations entering vm_wait and
inducing reclamation of caches.

Limit these ioctls to what should be a reasonable value, but allow
users to tune it should they need to.

Sponsored by: Rubicon Communications, LLC (netgate.com)