I've finally done it.
@Derelict Thank You! I've actually managed to find a few ways to make it work. Learned a lot in the process.
Best solution I found was:
Add Phase2 tunnel between site A and B like this: site A (10.11.40.0/24) <-> site B (10.200.200.0/24)
Modify Phase2 tunnel between site B and C and use NAT on it: site B (10.11.0.0/16 -NAT-Address-> 10.100.100.1) <-> site C (10.200.200.0/24). No configuration change was required on site C which wasn't an option anyway :-)
Remove Outbound NAT rule @ site B that hid traffic to site C under single IP address (10.100.100.1). This rule is no longer required because source address translation is now handled by Phase2 tunnel configuration itself.
Remove 10.100.100.0/24 network from site B. I no longer need this network because Phase2 B <-> C now matches my primary local subnets.
Final config to summarize it for anyone with similar problem (access site C from site A via site B).
LAN addresses are as follows:
site A - 10.11.40.1/24
site B - 10.11.20.1/24
site C - 10.200.200.1/24
site C will accept traffic only from address 10.100.100.1
Phase 2 A <-> B
Tunnel_1: 10.11.40.0/24 <-> 10.11.20.0/24
Tunnel_2: 10.11.40.0/24 <-> 10.200.200.0/24
Phase 2 B <-> C
Tunnel_1: 10.11.0.0/16 -NAT-Address-> 10.100.100.1 <-> 10.200.200.0/24
Correct me if I'm wrong but my conclusion is that pfSense will not send traffic to IPsec tunnel if this traffic does not originate from network matching configured Phase2 networks even if You configure Outbound NAT for non-P2-matching subnet and translate it to match configured P2. Maybe it is obvious to some people but it wasn't for me. Before pfSense I've used Vyatta/VyOS and P2 source network evaluation took place AFTER outbound NAT was performed.
Other solutions I've tested and they worked (sort of):
To original configuration add Phase2 between site A (10.11.40.0/24 -NAT-Address-> 10.100.100.2) and site B (10.200.200.0/24). This way traffic coming from site A matched site's B local network used in Phase 2 tunnel between B and C.
Split site's B network into 2 as @Derelict suggested:
a. Split site's B subnet (10.100.100.0/24) into two (10.100.100.0/25 and 10.100.100.128/25)
b. Add Virtual IP Alias for LAN @ site A (10.100.100.129/25)
c. Create Phase2 between site A (10.100.100.128/25) and site B (10.200.200.0/24)
d. For the servers that are located @ site A and need to access site C, I've assigned addresses from 10.100.100.128/25 subnet and created static route for subnet 10.200.200.0/24 with gw 10.100.100.129. This way servers from site A will "show up" at site B with addresses that match 10.100.100.0/24 P2 between site B and C.
Other variant of 2nd solution is to use routed IPsec between A and B. Haven't actually tested routed IPsec with splitting the network but I'm positive it would work. Tested routed IPsec without splitting the 10.100.100.0/24 subnet but it didn't work.
Created OpenVPN server (p2p) between A and B. It also didn't work without splitting the 10.100.100.0/24 subnet. However it did work with splitting the network like in previous solutions.
Solution number 2 config for complete picture:
LAN addresses are as follows:
site A - 10.11.40.1/24, 10.100.100.129/25
site B - 10.11.20.1/24, 10.100.100.1/25
site C - 10.200.200.1/24
Phase 2 A <-> B
Tunnel_1: 10.11.40.0/24 <-> 10.11.20.0/24
Tunnel_2: 10.100.100.128/25 <-> 10.200.200.0/24
No NAT in these tunnels.
Servers @ site A that need to access site C have addresses assigned from 10.100.100.129/25 subnet and static route to 10.200.200.0/24 using 10.100.100.129 as gateway.
Phase 2 B <-> C
Tunnel_1: 10.100.100.0/24 <-> 10.200.200.0/24
NAT Outbound @ site B:
Interface (IPsec), Source (10.100.100.0/24), Destination (10.200.200.0/24), NAT Address (10.100.100.1)
Servers @ site B that need to access site C have addresses assigned from 10.100.100.0/25 subnet and static route to 10.200.200.0/24 using 10.100.100.1 as gateway.
Note: This Outbound NAT @ site B is not required in order for this to work but it's requirement from our Customer who controls site C to "show up" at their end only as 10.100.100.1.
Hope it will be useful to somebody :-)