Add an example that runs under securitymanager. It like a "test" that no strange permissions are needed.
Its build sets properties for the URLs of randomized-runner and junit4-ant jar files,
this way test-framework jars can have different permissions than test classes.
As a first step, the suppressAccessChecks permission (pure evil) needed by the gson serializer
is encapsulated within an AccessController block, and only the junit4 runner gets this permission.