siit: apply generic blacklist to dst address
So apparently, SIIT wasn't applying the generic blacklist to the
destination address of incoming IPv4 packets. Strangest is that, even
though this should cause untold mayhem immediately, I was somehow unable
to reproduce it for the longest time.

From my reading of the history, this bug first appeared during the
2019-10-30 RFC7915 review. Before that, the generic blacklist behavior
used to be

- Source address: Always enabled
- Destination address: Always enabled

RFC7915 wanted me to disable the generic blacklist for the source
address for ICMP errors, but for some reason what I actually did was

- Source address: Disabled on ICMP errors
- Destination address: Disabled on ICMP errors

Then, during the 7915 graybox testing of 2020-02-14, I ran into some
problem with this and nesciently reverted back to

- Source address: Always enabled
- Destination address: Always enabled

Then, during another graybox batch test on 2020-05-20, it became

- Source address: Disabled on ICMP errors
- Destination address: Always disabled

This commit changes into what I believe is the correct behavior (and
which is consistent with RFC 7915):

- Source address: Disabled on ICMP errors
- Destination address: Always enabled

This commit fixes the translator-router ping of #338, and also probably
the entirety of #339.
ydahhrk committed Aug 28, 2020
1 parent 163b9f4 commit bd97403
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/mod/common/steps/compute_outgoing_tuple_siit.c
@@ -112,7 +112,7 @@ verdict translate_addrs46_siit(struct xlation *state, struct in6_addr *src_out,
/* Dst address. (SRC DEPENDS CON DST, SO WE NEED TO XLAT DST FIRST!) */

addr_result = addrxlat_siit46(&state->jool, hdr4->daddr, &addr6,
!disable_dst_eam(in, is_hairpin), false);
!disable_dst_eam(in, is_hairpin), true);
if (addr_result.reason)
log_debug(state, "%s.", addr_result.reason);

