Hi, Dhruv
You are correct that it is possible to install CRAN packages on a SQL Server 2016 instance with R Server. However, it is up the the system administrator to ensure that any third party packages comply with internal security policy. In other words, Microsoft can not make any statements about how a third party package will behave on any machine.
For this reason, only the system administrator of a SQL machine can install new packages.
I am sorry, but I can't be more specific than this.
Regards
Andrie