libpfctl: be more tolerant of kernel extensions

Allow the kernel to supply more array elements than expected, but cut
off when we hit what we think the maximum is. This will improve forward
compatibility (i.e. old userspace with newer kernel).

Reviewed by:	zlei
MFC after:	1 week
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D42392

lib/libpfctl/libpfctl.c

@@ -152,9 +152,8 @@ pf_nvuint_32_array(const nvlist_t *nvl, const char *name, size_t maxelems,
 	size_t elems;
 
 	tmp = nvlist_get_number_array(nvl, name, &elems);
-	assert(elems <= maxelems);
 
-	for (size_t i = 0; i < elems; i++)
+	for (size_t i = 0; i < elems && i < maxelems; i++)
 		numbers[i] = tmp[i];
 
 	if (nelems)