Revert previous. Explicitly load the value of npf or pf

Load rc configuration based on rcvar, not name, so that correct settings
in /etc/rc.conf.d are loaded.

Usually this does not matter as rcvar and name are set to the same value.
For pf_boot and npf_boot, rcvar is set to pf and npf respectively.

Prior to the change, if:
rc.conf contains nfp=YES
rc.conf.d/npf does not exist

Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=YES

If:
rc.conf contains npf=NO (or is not set)
rc.conf.d/npf contains npf=YES

Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=NO

This means that in the latter case, at boot time the npfctl start command
is never run and the firewall is not operational.

Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

No need to empose the script to be runnable during boot time, it prevents the
script from wroking if the system is booted into single user mode & then
moved onto multi-user mode.

Reported by <pgoyette> for NPF but the issue is there in PF too.

branches: 1.1.2; 1.1.4;
Add an initial ruleset and rc script for NPF to protect host during early stage
of boot, similar to what is currently available for PF.