fix: remove unsafe-eval from utils.js

[vyagh]

Description

Removes the eval() fallback from resolveObject in utils.js to improve security and CSP compliance.

Previously, resolveObject used eval(path) because many classes (like Turtle, MusicBlocks, and the APIs) weren't exposed to the global window object, so standard property lookup failed.

Changes:

1. Removed Eval: resolveObject now strictly uses path.split('.').reduce(...) to find properties. The eval fallback is gone.
2. Exposed Dependencies: Explicitly attached required classes to window in their respective files (e.g., window.Turtle = Turtle) so resolveObject can find them.
   • Covered: Turtle, Turtles, Mouse, MusicBlocks, and all 11 *BlocksAPI classes.
3. Cleanup: Removed importController (unused dead code) and commented safeEval usage for clarity.

Verification

• Tests: npm test passing (89/89 suites). Confirmed the hoisting fix works (window assignments are at the end of files).
• Manual: Verified app startup and block interaction in the browser; no ReferenceError or resolution failures in the console

[github-actions]

✅ All Jest tests passed! This PR is ready to merge.

[github-actions]

✅ All Jest tests passed! This PR is ready to merge.

[Pankajyadav919]

@vyagh i have already make PR on this issue #5407