This takes the usual shortcut of only sandboxing the last input file.
It's a first cut and this program will be easy to adapt to sandbox all
files in the future.

iconv(1) has been changed to only open the conversion descriptor once,
since the input and output encodings are fixed over all inputs.
Instead, the descriptor is simply reset after each use (documented in
iconv(3) API).

The stdio APIs commonly need FSTAT, READ/WRITE, and IOCTL(TIOCGETA).
Maybe this could be put in some kind of common subroutine for stdio
descriptors.

• iconv -f US-ASCII -t UTF-8 (tty input)
• iconv -f US-ASCII -t UTF-8 foo.txt
• iconv -f US-ASCII -t UTF-8 < foo.txt (stdin)
• iconv -f US-ASCII -t UTF-8 foo.txt foo.txt - (iconv_t cd reuse)