rc.d: unbreak sysctl lastload

/etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
late at boot time to apply /etc/sysctl.conf settings that fail
to apply early. However, this does not work in default configuration
because of kern_securelevel_enable="NO" by default.

Add new script /etc/rc.d/sysctl lastload that starts unconditionally.

Reported by:	Marek Zarychta
MFC after:	1 month

libexec/rc/rc.d/securelevel

@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: securelevel
-# REQUIRE: adjkerntz ipfw pf
+# REQUIRE: adjkerntz ipfw pf sysctl_lastload
 
 . /etc/rc.subr
 
@@ -14,10 +14,6 @@ rcvar='kern_securelevel_enable'
 start_cmd="securelevel_start"
 stop_cmd=":"
 
-# Last chance to set sysctl variables that failed the first time.
-#
-/etc/rc.d/sysctl lastload
-
 securelevel_start()
 {
 	if [ ${kern_securelevel} -ge 0 ]; then

libexec/rc/rc.d/sysctl_lastload

@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sysctl_lastload
+# REQUIRE: LOGIN
+# BEFORE:  jail
+
+. /etc/rc.subr
+
+name="sysctl_lastload"
+desc="Last chance to set sysctl variables that failed the first time."
+start_cmd="/etc/rc.d/sysctl lastload"
+stop_cmd=":"
+
+load_rc_config $name
+run_rc_command "$1"