Refactor to avoid function constructor in the form of eval

[archmoj]

Seems like this refactor works to avoid security warnings/issues.
Also it would be nice to have a similar patch for d3 v3.
see: archmoj/d3@93e74e5

cc: @curran @tdelmas #67 #65
cc: @alexcjohnson @nicolaskruchten plotly/plotly.js#897

[mbostock]

Please read #26 (comment).

[archmoj]

Thanks for the note.
The attempt in #26 wasn't as fast while using reduce.
I don't really see a notable performance difference between parsing a 1024x1024 table using current (master) and (this) new implementation.
So please consider reopening.
Cheers.

[tdelmas]

@archmoj Could you provide your results with the latest Chrome and Firefox in the same format that #26 (comment) ?

[mbostock]

If the substantial performance penalty of doing this “safely” (scare quotes because it’s already safe, just not in a way that a browser can statically analyze and know ahead of time) I’m happy to reconsider. I’m also curious if Object.entries, possibly with a generator rather than a materialized array, is faster than assigning to an object. I doubt it, but sometimes browsers have clever optimizations.

[tyn1998]

In my case, I'm developing a chrome extension under manifest v3, which refuses CSP with 'unsafe-eval'. So this PR helps! Thank you!