In pf_state_insert(), if the first pf_state_key_attach() fails, the

In pf_state_insert(), if the first pf_state_key_attach() fails, the
state key is freed by pf_state_key_attach().  But in the case of NAT,
there are two state keys allocated, so we must free the second key
manually.  Fixes a pf_state_key_pl leak seen in certain cases with
pfsync or with pf state-insert errors.
ok mcbride@ henning@