tl;dr; restricted access + usage of an exit
longer: An exit is sooner or later abused. A reduced exit policy does not prevent that.
What about setup a tor exit relay with 'PublishServerDescriptor = 0' ?
Having an access line like for bridges would restrict the access. An alternative could be a port knockig + iptables solution.
Objections and comments are welcome.