genilib-iocage uses the FreeBSD "iocage" jail management package to
setup a jail, run the script, and teardown the jail. Unfortunately,
this version is really, really slow (11 seconds for a one-shot jail).

So instead we will use genilib-jail which uses the template jail instance
I built using iocage, but creates the one-off jails by using raw zfs and
jail commands. It runs in about 1.3 seconds. genilib-iocage is left in
case the author speeds it up someday.

N.B. these are NOT plug in replacements for rungenilib.proxy.in.
In particular, the new scripts run as root and don't do any validation
of the caller or arguments. So genilib-jail will be called from rungenilib
for now (though I have not done that part yet!)