According to the developers handbook, these are the functions that should be used when outputting anything:
esc_attr() // Use on everything else that’s printed into an HTML element’s attribute.
esc_html() // Use anytime an HTML element encloses a section of data being displayed.
esc_js() // Use for inline Javascript.
esc_textarea() // Use this to encode text for use inside a textarea element.
esc_url() // Use on all URLs, including those in the src and href attributes of an HTML element.
esc_url_raw() // Use when storing a URL in the database or in other cases where non-encoded URLs are needed.
wp_kses() // Use for all non-trusted HTML (post text, comment text, etc.)
wp_kses_post() // Alternative version of wp_kses() that automatically allows all HTML that is permitted in post content.
wp_kses_data() // Alternative version of wp_kses() that allows only the HTML permitted in post comments.
so in your case it would be:
<label for="<?php echo esc_attr( $this->plugin_name . '-' . $switch['id'] ); ?>">
As pointed out by @jacob-peattie in the case of the second example escaping it s unnecessary, because no dynamic content is being rendered. But if the rejection message specifically pointed out this as something that needs to be escaped, than this is the way to do it:
echo "<style>" . esc_html( "img[ci-src] {opacity: 0;} img.ci-image-loaded {opacity: 1;}" ) . "</style>";
Edit: I mixed up esc_html and esc_attr at first, now it’s correct.