Sorry for replying to my own questions but in case someone reads this later, I think I've got it working by setting the sandbox code-inspector to (current-code-inspector). For some reason, this does not work in sandbox-init-hook, which has been puzzling me. But it works using parameterize as follows:
(define (create-evaluator)
(define inspector (current-code-inspector))
(parameterize ([sandbox-make-code-inspector
(lambda () inspector)])
(make-evaluator
'racket/gui
#f
#:requires '(racket/base racket/gui racket/random))))
(define evaluator (create-evaluator))
When I use this evaluator with the above sandbox-init-hook, I can use (dynamic-require "module-name.rkt" 0) and it will load and execute the plugin code at local path "module-name.rkt". A message-box in the GUI does not work even though the module starts with #lang racket/gui, it does something but the message box doesn't show up and it times out. However, I'm sure I can fix this.