This diff limits the number of transactions/tickets
author:    sashan <sashan@openbsd.org>
           Tue, 4 Jul 2023 14:23:38 +0000 (14:23 +0000)
committer: sashan <sashan@openbsd.org>
           Tue, 4 Jul 2023 14:23:38 +0000 (14:23 +0000)
commit:    95c411ffdbcf2ce623d0736f4d65c433aa9cb37d
tree:      4912a6ad6b03e6fd3988f63799369ba38f4b800d
parent:    7d40840168c1f24d7f78946e5fa17f704e2a6b73
This diff limits the number of transactions/tickets
pf_open_trans() can issue for each clone of /dev/pf
to 512. pf_open_trans() is currently used
by the DIOCGETRULES ioctl(2). The limit prevents processes
from consuming all kernel memory by asking DIOCGETRULES
for more tickets. If DIOCGETRULES hits the limit, then
the application will see an EBUSY error.

This diff was fine-tuned with feedback from claudio@,
deraadt@ and kn@.

OK kn@
sys/net/pf_ioctl.c
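The resource-exhaustion bug the commit closes, and the cap it introduces, can be seen end to end in a small userland model. The following is an added example, not the OpenBSD kernel code from sys/net/pf_ioctl.c: only the per-clone limit of 512 and the EBUSY result are taken from the commit message; the struct layouts, the ticket-allocation scheme, and the function names pf_clone_init(), pf_close_trans(), pf_clone_close() and pf_exhaust() are assumptions made for illustration. pf_exhaust() plays the role of a process that repeats DIOCGETRULES without ever releasing a ticket, which before the change could allocate kernel memory without bound.

```c
/*
 * Added example: userland model of the per-/dev/pf-clone transaction cap.
 * NOT the OpenBSD kernel implementation; structures and helper names are
 * assumed. Only PF_TRANS_MAX (512) and the EBUSY result come from the commit.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PF_TRANS_MAX	512	/* per-clone cap stated in the commit message */

struct pf_trans {
	unsigned int	 pft_ticket;
	struct pf_trans	*pft_next;
};

/* State kept for one open()ed clone of /dev/pf (assumed layout). */
struct pf_clone {
	unsigned int	 pc_ntrans;		/* transactions currently open */
	unsigned int	 pc_next_ticket;	/* next ticket number to hand out */
	struct pf_trans	*pc_trans;		/* open transactions, newest first */
};

void
pf_clone_init(struct pf_clone *pc)
{
	memset(pc, 0, sizeof(*pc));
	pc->pc_next_ticket = 1;
}

/*
 * Model of pf_open_trans(): allocate one transaction on this clone and
 * return its ticket. Once the clone already holds PF_TRANS_MAX of them the
 * caller gets EBUSY instead of another allocation, so repeated DIOCGETRULES
 * calls can no longer grow kernel memory without bound.
 */
int
pf_open_trans(struct pf_clone *pc, unsigned int *ticket)
{
	struct pf_trans *t;

	if (pc->pc_ntrans >= PF_TRANS_MAX)
		return (EBUSY);
	if ((t = calloc(1, sizeof(*t))) == NULL)
		return (ENOMEM);
	t->pft_ticket = pc->pc_next_ticket++;
	t->pft_next = pc->pc_trans;
	pc->pc_trans = t;
	pc->pc_ntrans++;
	*ticket = t->pft_ticket;
	return (0);
}

/* Release one transaction by ticket; ENOENT if the ticket is not open. */
int
pf_close_trans(struct pf_clone *pc, unsigned int ticket)
{
	struct pf_trans **pp, *t;

	for (pp = &pc->pc_trans; (t = *pp) != NULL; pp = &t->pft_next) {
		if (t->pft_ticket == ticket) {
			*pp = t->pft_next;
			free(t);
			pc->pc_ntrans--;
			return (0);
		}
	}
	return (ENOENT);
}

/* Closing the clone (last close of the fd) frees everything it still holds. */
void
pf_clone_close(struct pf_clone *pc)
{
	struct pf_trans *t;

	while ((t = pc->pc_trans) != NULL) {
		pc->pc_trans = t->pft_next;
		free(t);
	}
	pc->pc_ntrans = 0;
}

/*
 * A process that keeps asking for tickets and never closes them. Returns how
 * many requests succeeded before the first EBUSY (at most PF_TRANS_MAX).
 */
unsigned int
pf_exhaust(struct pf_clone *pc, unsigned int attempts)
{
	unsigned int i, ticket, ok = 0;

	for (i = 0; i < attempts; i++) {
		if (pf_open_trans(pc, &ticket) != 0)
			break;
		ok++;
	}
	return (ok);
}

int
main(void)
{
	struct pf_clone pc;
	unsigned int ticket;

	pf_clone_init(&pc);
	printf("tickets granted before EBUSY: %u\n", pf_exhaust(&pc, 100000));
	printf("next pf_open_trans(): %d (EBUSY is %d)\n",
	    pf_open_trans(&pc, &ticket), EBUSY);
	pf_clone_close(&pc);
	return (0);
}
```

The cap is per clone, so an application that opens /dev/pf several times gets 512 tickets on each descriptor; the point of the change is that a single misbehaving or malicious loop on one descriptor stops at EBUSY rather than at the end of kernel memory, and closing a ticket (or the clone) gives the slots back.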