validate-icon: For completeness, always add "--" to bwrap arguments

This particular bwrap invocation cannot cause a sandbox escape because
the command to run is hard-coded, but it's more clearly correct if we
pass "--" to every bwrap invocation.

Signed-off-by: Simon McVittie <smcv@collabora.com>

icon-validator/validate-icon.c

@@ -228,7 +228,7 @@ rerun_in_sandbox (const char *arg_width,
   if (g_getenv ("G_MESSAGES_PREFIXED"))
     add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
 
-  add_args (args, validate_icon, arg_width, arg_height, filename, NULL);
+  add_args (args, "--", validate_icon, arg_width, arg_height, filename, NULL);
   g_ptr_array_add (args, NULL);
 
   {