
Better fix for r314098

Description

Better fix for r314098

The actual issue was the fact that if - was used then some restrictions were
already set to stdin when we were applying caph_limit_stdio which was failing
due to the fact the fd was already restricted to lower rights.

Restricting stdio before actually opening the files prevents trying to raise the
rights and fixes the issue.

And this allows us to keep failing the program if restriction failed

Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D9723
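
The ordering problem described in the commit message, as an added C model that is not lam(1) or library source: cap_rights_limit(2) can only reduce a descriptor's rights, so which restriction is applied first decides whether the second one succeeds. The right bits, the three right sets, the error constant and the `model_*` and `run_order` names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed right bits and sets (assumptions); the real ones are in FreeBSD's headers. */
enum { R_READ = 1, R_WRITE = 2, R_FSTAT = 4, R_FCNTL = 8, R_IOCTL = 16, R_ALL = 31 };
#define STDIN_RIGHTS  (R_READ  | R_FSTAT | R_FCNTL | R_IOCTL)  /* assumed stdio set */
#define STDOUT_RIGHTS (R_WRITE | R_FSTAT | R_FCNTL | R_IOCTL)
#define INPUT_RIGHTS  (R_READ  | R_FSTAT)                      /* assumed narrower input-file set */
#define E_NOTCAPABLE  1        /* constructed stand-in for ENOTCAPABLE */

static unsigned fd_rights[3];  /* rights currently held by fds 0, 1, 2 */
static int model_errno;

/* Models cap_rights_limit(2): succeeds only when the request is a subset. */
static int model_rights_limit(int fd, unsigned want)
{
    if (want & ~fd_rights[fd]) {       /* asks for a right the fd no longer has */
        model_errno = E_NOTCAPABLE;
        return -1;
    }
    fd_rights[fd] = want;
    return 0;
}

/* Models a stdio-wide restriction: one fixed set per standard descriptor. */
static int model_limit_stdio(void)
{
    if (model_rights_limit(0, STDIN_RIGHTS) != 0) return -1;
    if (model_rights_limit(1, STDOUT_RIGHTS) != 0) return -1;
    return model_rights_limit(2, STDOUT_RIGHTS);
}

/* Input given as "-": the input file is fd 0, restricted like any other input. */
int run_order(int stdio_first)
{
    fd_rights[0] = fd_rights[1] = fd_rights[2] = R_ALL;
    model_errno = 0;
    if (stdio_first && model_limit_stdio() != 0) return -1;
    if (model_rights_limit(0, INPUT_RIGHTS) != 0) return -1;  /* narrow the input fd */
    if (!stdio_first && model_limit_stdio() != 0) return -1;  /* would raise fd 0 */
    return 0;
}

int main(void)
{
    printf("stdio first: %d\n", run_order(1));
    printf("files first: %d\n", run_order(0));
    return 0;
}
```
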

Details

Provenance
bapt Authored on
Differential Revision
D9723: Properly restrict lam
Parents
rS314098: lam(1): Failing to restrict stdin/stdout/stderr should not be fatal