Remove the ability to pass a callback function as a string

[JakeChampion]

This is where we use new Function - https://github.com/Financial-Times/o-toggle/blob/master/src/js/toggle.js#L40 - we should avoid using new Function/eval in Origami components in case the product using Origami has a strict Content-Security-Policy which forbids using these powerful features of the language.

We can avoid the use of new Function/eval in this component by changing the option to take a reference to an already existing function that should be executed as the callback.

E.G.

<script>
function myOToggleCallback(state, event) {
  document.querySelector('.target').classList.toggle('hidden');
}
</script>

<button data-o-component="o-toggle"
		data-o-toggle-target=".target"
		data-o-toggle-callback="myOToggleCallback">Toggle</button>

<div class="target hidden">Target of the toggle</div>

[notlee]

This is done, to be released as part of the breaking cascade. Closing to keep track of progress. See:

Related issue: #25
Related PR: #27