Looks like this is something useful for users. Next development cycle will start looking into ways other plugins are using to support that. I really want to avoid the plugin being blacklisted again due to security issues/CVE's. So my plain is
1. learn how other plugins are working
2. create a branch with the solution
3. upload here a .hpi file with the proposed solution, and also try to release to the experimental update site (not sure if that still exists)
4. release only, and really only, if there's enough testing from users that also took into consideration possible attack vectors created by this feature (i.e. giving some thought to what issues this feature could cause... do they have a security permission model that could allow users to use dangerous libraries? did we implement in a way that the administrator him/herself could shoot his own foot and accidentally introduce a security problem in their jenkins/etc)
And once we pass step 4, and we are confident this won't introduce a security bug, cut a release. Let me know if anyone has any other suggestions, or if interested in helping with the testing/development.