[4.10.2] address unsafe-eval CSP issues, additional cleanup

[stevengum]

Fixes #2620 in 4.10
Fixes #2647 in 4.10

Description

Address Content Security Policies around the use of unsafe-eval; in this case, around the use of new Function

Fixes bugs in CODEOWNERS

Specific Changes

• Further split Node and browser implementations of files in botframework-streaming
  • Adds "dom" lib to tsconfig-browser.json in `botframework-streaming
• Additional cleanup in tests and style in botframework-streaming
• Fix typos in CODEOWNERS file

Testing

E2E WIP, unit tests passing

[coveralls]

Pull Request Test Coverage Report for Build 161622

• 40 of 74 (54.05%) changed or added relevant lines in 6 files are covered.
• 2 unchanged lines in 2 files lost coverage.
• Overall coverage decreased (-0.04%) to 82.929%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
libraries/botframework-streaming/src/webSocket/browserWebSocket.ts	0	5	0.0%
libraries/botframework-streaming/src/webSocket/nodeWebSocketClient.ts	22	29	75.86%
libraries/botframework-streaming/src/webSocket/browserWebSocketClient.ts	11	33	33.33%

Files with Coverage Reduction	New Missed Lines	%
libraries/botframework-streaming/src/protocolAdapter.ts	1	78.38%
libraries/botframework-streaming/src/webSocket/webSocketTransport.ts	1	85.44%

Totals
Change from base Build 159077:	-0.04%
Covered Lines:	15153
Relevant Lines:	17364

---

💛 - Coveralls

[Zerryth]

Code looks good.
Also plugged this in manually into both:

• bot
• react app
  • DLJS - point to your bf-streaming PR
  • Added:

    <meta
        http-equiv="Content-Security-Policy"
        content="default-src 'none'; base-uri 'none'; connect-src wss://*.azurewebsites.net https://*.azurewebsites.net; img-src data: 'self'; script-src 'nonce-a1b2c3d' 'strict-dynamic'; style-src 'unsafe-inline' 'self'"
    />

It works! 😄

(Note: we'll make the security policy stricter, once we figure out how to add nonce into react app's html...hmm...)