devfs.rules: unhide pf in vnet jails

/dev/pf is usable in vnet jails, so don't hide the node there.

We shouldn't expose /dev/pf in regular jails, as that gives them control over
the host (or parent vnet jail) firewall.

Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D26537