Initial support for securing tty I/O. (#684)

* Initial support for securing tty I/O.

* Update the tests.

* Fix warnings

* Update crates/wasi-common/src/fdentry.rs

Co-Authored-By: Jakub Konka <jakub.konka@golem.network>

* Properly sandbox stderr.

* Document why the scratch buffer is 4 elements long.

* Update crates/wasi-common/src/sandboxed_tty_writer.rs

Co-Authored-By: Jakub Konka <jakub.konka@golem.network>

* Update crates/wasi-common/src/sandboxed_tty_writer.rs

Co-Authored-By: Jakub Konka <jakub.konka@golem.network>

* Add comments explaining how we report the number of bytes written.

* Always sanitize stderr.

* Port the changes to the snapshot_0 directory.

* Fix snapshot_0 compilation error.

* Replace the scratch buffer with a temporary buffer.

* Update crates/wasi-common/src/sandboxed_tty_writer.rs

Co-Authored-By: bjorn3 <bjorn3@users.noreply.github.com>

* Format with latest stable rustfmt.

Co-authored-by: Jakub Konka <kubkon@jakubkonka.com>
Co-authored-by: bjorn3 <bjorn3@users.noreply.github.com>

crates/wasi-common/src/fdentry.rs

@@ -162,6 +162,14 @@ impl FdEntry {
             Ok(())
         }
     }
+
+    /// Test whether this descriptor is considered a tty within WASI.
+    /// Note that since WASI itself lacks an `isatty` syscall and relies
+    /// on a conservative approximation, we use the same approximation here.
+    pub(crate) fn isatty(&self) -> bool {
+        self.file_type == wasi::__WASI_FILETYPE_CHARACTER_DEVICE
+            && (self.rights_base & (wasi::__WASI_RIGHTS_FD_SEEK | wasi::__WASI_RIGHTS_FD_TELL)) == 0
+    }
 }
 
 /// This allows an `OsHandle` to be temporarily borrowed from a