Is there some way to disable annotation scanning for .jar files in a .sar, so I can bypass this the meantime?
You can re-order the .sar structure -- e.g. via jboss-structure.xml,
and make the culprit jar just a classpath entry, instead of sub-deployment.
Then jboss-scanning.xml in .sar/META-INF can easily ignore it.