fix(createproxy): allow proxy under non-eval csp

[kwonoj]

Description

I think this is fix to somewhat specific usecases, but hope this is not hurting general environments but also fixes my problem.

In our application we use comlink to communicate between the different context in Electron (https://electronjs.org/), specifically for now being used between preload script to actual web page we load into BrowserWindow. Since we inject script in preload it does not have url for endpoint while our endpoint have CSP policy to prevent execution of script via eval or similar way - and using new Function() violates those rules.

And effectively blocks to create new proxy object in preload context we created.

This PR replaces creation of function in non-eval way to allow preload script can run under specific CSP policy.

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[kwonoj]

I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[surma]

Woah. I did not realize that an empty Function constructor would violate CSP. But your path also saves 2 bytes, so I am totally on-board :D Thanks a lot.