Use word-boundary regex to detect now in CEL expressions

The simple `"now" in expression` substring check could produce false
positives for identifiers like `renown` or `knows`, setting `_uses_now`
unnecessarily. Replace with `_NOW_RE = re.compile(r"\bnow\b")` so only
the standalone identifier is matched.

The `\b` assertion matches at the boundary between word characters
(`[a-zA-Z0-9_]`) and non-word characters. Since CEL identifiers are
`[_a-zA-Z][_a-zA-Z0-9]*`, any occurrence of `now` as an identifier —
including inside expressions like `timestamp(now)` — is always flanked
by non-identifier characters, so this approach produces no false
negatives.

Author: stefanvanburen

protovalidate/internal/rules.py

@@ -14,6 +14,7 @@
 
 import dataclasses
 import datetime
+import re
 import typing
 from collections.abc import Callable, Container, Iterable, Mapping
 
@@ -44,6 +45,9 @@ def _is_repeated(field: descriptor.FieldDescriptor) -> bool:
         return field.label == descriptor.FieldDescriptor.LABEL_REPEATED  # type: ignore[attr-defined]
 
 
+_NOW_RE = re.compile(r"\bnow\b")
+
+
 class CompilationError(Exception):
     pass
 
@@ -413,7 +417,7 @@ def add_rule(
             rules = validate_pb2.Rule()
             rules.id = expression
             rules.expression = expression
-        if "now" in rules.expression:
+        if _NOW_RE.search(rules.expression):
             self._uses_now = True
         ast = env.compile(rules.expression)
         prog = env.program(ast, functions=funcs)