possibly fix clat ingress nat64 drop
Due to try_make_writable's implementation:
  // try to make the 1st 'len' header bytes r/w via DPA
  void try_make_writable(struct __sk_buff* skb, int len) {
    if (len > skb->len) len = skb->len;
    if (skb->data_end - skb->data < len) bpf_skb_pull_data(skb, len);
  }
This *should* normally result in nothing actually being done.
This is because the 'len' we request should trivially be <= skb->len
(by virtue of how we construct the packet / get here),
and because skb->data_end - skb->data < len was previously
(to this patch) already checked below in line 251
(and thus the packet would have been dropped if it was false).
However, there's a tentative theory that we could somehow end up
with the entire payload in the non-linear portion of the packet,
and thus need to move it into the linear header portion where
we actually have direct packet access to it.
Note also that we already called this in line 71, so it should
be safe to add another call without causing bpf verifier unhappiness...
Test: TreeHugger
Bug: 298879031
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If3531c3cf6932ac3f1d384a43d28326d17544aa3
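
Added example, not part of the commit or the project's code: a user-space C model of the theory in the commit message, where a header that sits in the non-linear portion fails the direct-packet-access bounds check unless it is pulled into the linear portion first. The struct, the function names and the 40-byte header length are assumptions made for illustration; nothing here calls the real BPF helpers.

```c
#include <stdio.h>

#define HDR_LEN 40  /* assumed: size of the header the program reads */

/* Hypothetical stand-in for struct __sk_buff (model only). */
struct model_skb {
    int len;     /* total packet length, like skb->len */
    int linear;  /* bytes reachable directly, like data_end - data */
};

/* Stand-in for bpf_skb_pull_data(): make the first 'len' bytes linear. */
static void model_pull_data(struct model_skb *skb, int len) {
    if (skb->linear < len) skb->linear = len;
}

/* Same shape as the try_make_writable() quoted in the commit message. */
static void model_try_make_writable(struct model_skb *skb, int len) {
    if (len > skb->len) len = skb->len;  /* cannot pull more than exists */
    if (skb->linear < len) model_pull_data(skb, len);
}

/* Returns 1 if the header passes the bounds check, 0 if the packet
 * would be dropped. 'pull_first' models the call this commit adds. */
static int process(struct model_skb *skb, int pull_first) {
    if (pull_first) model_try_make_writable(skb, HDR_LEN);
    if (skb->linear < HDR_LEN) return 0;  /* data_end - data < len */
    return 1;
}

/* Build a constructed sample packet and run it through process(). */
static int run(int len, int linear, int pull_first) {
    struct model_skb skb = { len, linear };
    return process(&skb, pull_first);
}

int main(void) {
    /* Constructed cases: 100-byte packet, nothing in the linear area. */
    printf("non-linear, no pull:   %s\n", run(100, 0, 0) ? "pass" : "drop");
    printf("non-linear, with pull: %s\n", run(100, 0, 1) ? "pass" : "drop");
    /* A packet shorter than the header cannot be rescued by pulling. */
    printf("truncated, with pull:  %s\n", run(20, 0, 1) ? "pass" : "drop");
    return 0;
}
```

In the model, a packet whose header is already linear passes with or without the extra call, which matches the commit message's expectation that the call normally does nothing.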