Limit the TCCL when instantiating UntrustedXML

Limit the TCCL when instantiating UntrustedXML

JAXP newInstance() methods can end up going through ServiceLoader
with TCCL as its ClassLoader, which means our constants may end up
pointing to a ClassLoader beyond our normal visibility.

This means we can end up picking up a different factory depending
on where we are called from and also can mean the TCCL cannot be
garbage-collected.

Force the TCCL to be the ClassLoader holding UntrustedXML, thus
establishing tight coupling between JAXP implementation discovery
mechanism and UntrustedXML.

JIRA: CONTROLLER-1867
Change-Id: Icacb0e193c7360c73bd07bc5c815bf803ca9ac44
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>