Instrumentation API: module -> class loader with a security manager

[Rafael Winterhalter]

I noticed a small obstacle while porting code to the Java 9 instrumentation
API. It is now required to pass by a security manager to read the class
loader from the module (via Module::getClassLoader).

This was not required using the old API. In this sense, it is not really
more secure since I can always fall back to the old API but I need to ask a
user for an additional privilege that I did not need before if I want to
use the new API and a security manager is active.

Would it make sense to provide the class loader as an additional argument
in the new instrumentation API to avoid this?