Module class loader should use secure action instead of a privileged block

Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions in feasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.