[Security] Disable window.eval

As recommended by Electron warning

@types/electron/index.d.ts

@@ -1,6 +1,7 @@
 /// <reference path="../../node_modules/electron/electron.d.ts" />
 
 interface Window {
+  eval: never
   ipc: Electron.IpcRenderer
   process?: {
     type?: string

packages/desktop/src/preload.ts

@@ -1,3 +1,5 @@
 import electron from 'electron'
 
+// Communication between webapp and electron main process
+// Used on oauth flow
 window.ipc = electron.ipcRenderer

packages/web/src/index.tsx

@@ -1,3 +1,8 @@
+// Security precaution
+;(window as any).eval = global.eval = () => {
+  throw new Error(`This app does not allow window.eval().`)
+}
+
 import '@babel/polyfill'
 import 'react-app-polyfill/ie9'
 import 'resize-observer-polyfill/dist/ResizeObserver.global'