pfctl-rs
Fix race/failure to list states in `get_states_inner`
The way we currently probe the system for PF states is racy and prone to failing. We first check the number of states -> allocate a container -> ask the system to fill the container. If extra states are created between the first and second syscall then the second call will fail, because the container is too small for all the states.
This should ideally not cause the call to fail. Currently the library user has to invent their own retry logic if they want this to be more stable. This is something we probably should integrate into the library itself. The pfctl CLI tool from BSD has this logic built in, so we should probably as well: https://github.com/openbsd/src/blob/master/sbin/pfctl/pfctl.c#L1047
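
The probe/allocate/fill race described in this issue, next to a bounded retry loop, as an added example that is not pfctl-rs code. `FakeKernel`, `ListError`, `get_states_once`, `get_states_retry` and `max_attempts` are hypothetical names, the kernel is simulated so no PF ioctl is issued, and the "re-probe and at least double" growth policy is an assumption.

```rust
// Added example. FakeKernel is a constructed stand-in; no PF ioctl is issued.
#[derive(Debug, PartialEq)]
enum ListError { BufferTooSmall, RetriesExhausted }

struct FakeKernel {
    states: Vec<u32>, // constructed state ids
    churn: Vec<u32>,  // states created just before each successive syscall
    syscalls: usize,
}

impl FakeKernel {
    fn tick(&mut self) {
        let extra = self.churn.get(self.syscalls).copied().unwrap_or(0);
        let next = self.states.len() as u32;
        self.states.extend(next..next + extra);
        self.syscalls += 1;
    }
    /// First syscall from the issue: how many states exist right now?
    fn count(&mut self) -> usize { self.tick(); self.states.len() }
    /// Second syscall: fill a container of `cap` entries, failing if too small.
    fn fill(&mut self, cap: usize) -> Result<Vec<u32>, ListError> {
        self.tick();
        if cap < self.states.len() { return Err(ListError::BufferTooSmall); }
        Ok(self.states.clone())
    }
}

/// The sequence the issue describes: probe, allocate, fill, no retry.
fn get_states_once(k: &mut FakeKernel) -> Result<Vec<u32>, ListError> {
    let cap = k.count();
    k.fill(cap)
}

/// Bounded retry: re-probe, and at least double the size that just failed.
fn get_states_retry(k: &mut FakeKernel, max_attempts: usize) -> Result<Vec<u32>, ListError> {
    let mut cap = 0usize;
    for _ in 0..max_attempts {
        cap = k.count().max(cap.saturating_mul(2));
        match k.fill(cap) {
            Ok(states) => return Ok(states),
            Err(ListError::BufferTooSmall) => continue, // lost the race, go again
            Err(e) => return Err(e),                    // anything else is fatal
        }
    }
    Err(ListError::RetriesExhausted) // churn outpaced us; report, do not spin
}

fn main() {
    let mut k = FakeKernel { states: vec![0, 1, 2], churn: vec![0, 2], syscalls: 0 };
    println!("{:?}", get_states_retry(&mut k, 4));
}
```

The attempt cap matters on a busy firewall: without it, a state table that keeps growing faster than the buffer would hold the caller in the loop indefinitely.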