You could "package" it by creating a separate component that's simply a pandoc process and have the two parts talk via one of the various serialization protocols on hackage (after all, web browsers need not be gpl just because the web server is). Itd be a shame to have to redo stuff that pandoc already does very nicely.
I am almost sure that this is covered by the gpl. Servers source code is protected because it is not distributed to the end user, not because there is some kind of a bridge between gpl code & your code.
