Store: @ngxs/router-plugin fails when running with a Content-Security-Policy that doesn't allow 'unsafe-eval'

Created on 12 Jun 2018 · 4 Comments · Source: ngxs/store

Versions

* @ngxs/router-plugin: 3.1.3
* @angular/core: 6.0.4

Repro steps

  • Take a basic Angular application with routing and @ngxs/router-plugin that is deployed without CSP
  • Add <meta http-equiv="Content-Security-Policy" content="script-src 'self'"> to the HTML

No Stackblitz link, because the template there uses the Angular JIT compiler, which itself requires eval, so it fails before ngxs can even run. I can upload a repo, if that would help.

Observed behavior

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
    at new Function (<anonymous>)
    at fastPropGetter (ngxs-store.js:70)
    at getSelectorFn (ngxs-store.js:981)
    at Store.../node_modules/@ngxs/store/fesm5/ngxs-store.js.Store.select (ngxs-store.js:1000)
    at RouterState.../node_modules/@ngxs/router-plugin/fesm5/ngxs-router-plugin.js.RouterState.setUpStoreListener (ngxs-router-plugin.js:142)
    at new RouterState (ngxs-router-plugin.js:108)

Desired behavior

It shouldn't fail and instead use a fallback or precompilation.

Mention any other details that might be useful (optional)

I thought that fastPropGetter could be wrapped with a check if it's supported (try { return !!new Function(''); } catch (e) { return false; }), but that's not a good solution, because it would trigger a CSP violation (and a report) just by checking. I think adding the check as a new module option would be preferable.
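To make the trade-off in the report concrete, here is an added illustration (not ngxs's own code) of the two ways a property-path getter can be built: one compiled with new Function, which a script-src 'self' policy refuses and reports, and one built from a plain closure that works under any policy, with the choice driven by a configuration flag named after the page's compatibility.strictContentSecurityPolicy option rather than by a runtime probe. The function names and the sample state are assumptions.

```javascript
// Added example, not ngxs code. Demonstrates why a feature probe such as
// `try { new Function('') } catch {}` is the wrong tool: the probe itself
// is an eval and fires a CSP violation report. Selecting the getter from
// configuration avoids touching eval at all.

// Fast getter: compiles `return obj.a.b.c` into a function. Under a
// Content-Security-Policy without 'unsafe-eval' this throws EvalError.
function fastPropGetter(paths) {
  const body = paths.map((p) => `.${p}`).join('');
  return new Function('obj', `return obj${body};`);
}

// CSP-safe getter: walks the path with an ordinary loop. Returns undefined
// when an intermediate segment is missing instead of throwing.
function safePropGetter(paths) {
  return (obj) => {
    let current = obj;
    for (const key of paths) {
      if (current == null) return undefined;
      current = current[key];
    }
    return current;
  };
}

// Choose the getter from an explicit option (hypothetical shape mirroring
// the `compatibility.strictContentSecurityPolicy` flag on this page).
function propGetter(paths, options = {}) {
  const strict =
    options.compatibility && options.compatibility.strictContentSecurityPolicy;
  return strict ? safePropGetter(paths) : fastPropGetter(paths);
}

// Constructed sample state resembling what the router plugin selects.
const state = { router: { state: { url: '/zoo' } } };
const getUrl = propGetter(['router', 'state', 'url'], {
  compatibility: { strictContentSecurityPolicy: true },
});
console.log(getUrl(state)); // → '/zoo'
```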

All 4 comments

@michael42 Could you test if this is fixed for you with the current @dev version?
Your config would look something like this:

NgxsModule.forRoot([ZooState], {
  compatibility: {
    strictContentSecurityPolicy: true
  }
})

I'm pretty sure that this should be resolved. @michael42 Please could you confirm that this is solved for you in the @dev version?

Original author unresponsive but confirmed fixed by others.

Yeah, it's working fine for me now, as reported back on #516. Thank you for fixing this.
