extensions: libip6t_ah: Fix translation of plain '-m ah'

extensions: libip6t_ah: Fix translation of plain '-m ah'

This is actually a limitation of ip6tables:

| # ip6tables -A INPUT -p ah -j ACCEPT
| Warning: never matched protocol: ah. use extension match instead.

The working alternative is like so:

| # ip6tables -A INPUT -m ah -j ACCEPT

But upon translating, this statement gets ignored:

| $ ip6tables-translate -A INPUT -m ah -j ACCEPT
| nft add rule ip6 filter INPUT  counter accept

This patch (ab)uses the 'space' variable to check if a parameter to the
'ah' match was present and if not translates the match into an extension
header check:

| $ ip6tables-translate -A INPUT -m ah -j ACCEPT
| add rule ip6 filter INPUT meta l4proto ah counter accept

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>