rmind/npf

ALG mechanism needs improvements

rmind opened this issue · 0 comments

rmind commented
  • Race condition when unloading ALG module: npf_nat_freealg() vs lock-free readers.
  • Inspection as a loop in npf_alg_conn() is not particularly efficient. It could be optimized to be: 1) per-protocol 2) only limited to ALGs which perform inspection, rather than all.
  • npf_alg_exec() should only be performed if the NAT entry has an associated ALG; it is currently applicable only for the dynamic NAT anyway. If there will be ALGs operating with the static NAT, then npfa_funcs_t::snat could be added.
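
The unload race in the first item, as an added example that is not NPF code or part of the original issue: the ALG is unpublished first and freed only after no lock-free reader can still hold the pointer. All names are hypothetical, and a plain reader counter stands in for whatever quiescence mechanism the project actually uses.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; none of these names are NPF's. */
typedef struct alg {
    int (*inspect)(const void *pkt);
} alg_t;

static _Atomic(alg_t *) alg_slot;     /* published ALG, read without locks */
static atomic_uint      alg_readers;  /* readers inside a critical section */

static int inspect_any(const void *pkt) { (void)pkt; return 1; }

/* Reader: announce presence first, then load the pointer (seq_cst order). */
static alg_t *alg_reader_enter(void)
{
    atomic_fetch_add(&alg_readers, 1);
    return atomic_load(&alg_slot);    /* NULL once the ALG is unpublished */
}

static void alg_reader_exit(void)
{
    atomic_fetch_sub(&alg_readers, 1);
}

static bool alg_register(void)
{
    alg_t *a = malloc(sizeof(*a));
    if (a == NULL)
        return false;
    a->inspect = inspect_any;
    atomic_store(&alg_slot, a);
    return true;
}

/* Unload step 1: unpublish so new readers see NULL; returns the old ALG. */
static alg_t *alg_unpublish(void)
{
    return atomic_exchange(&alg_slot, (alg_t *)NULL);
}

/* Unload step 2: free only when no reader can still hold the pointer. */
static bool alg_try_free(alg_t *a)
{
    if (atomic_load(&alg_readers) != 0)
        return false;                 /* still referenced; retry later */
    free(a);
    return true;
}
```

Freeing directly after clearing the slot, without the reader check, is the use-after-free window: a reader that loaded the pointer before the exchange may still be calling through it.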