feat: block AviatorScript-specific syntax in eval() for cross-platform compatibility #514

Merged: hsluoyz merged 4 commits into master from copilot/fix-inconsistent-eval-function on Feb 12, 2026

Copilot AI commented Feb 12, 2026

fix: #464

jCasbin's eval() function exposes AviatorScript namespace methods (seq.list(), string.startsWith(), math.sqrt(), etc.) and advanced features (lambda, let, for, etc.) that don't exist in other Casbin implementations, breaking policy portability across Go/Node.js/Python/.NET.

Changes

Expression Validator

  • New ExpressionValidator class blocks AviatorScript-specific patterns via regex matching
  • Validates expressions in BuiltInFunctions.eval() before execution
  • Failed validation logs warning and returns false (no exceptions thrown)

Blocked Syntax

  • Namespace methods: seq.*, string.*, math.*
  • Control flow: lambda, let, fn, for, while, return, if-then-else, ->, =>

Still Allowed

  • Standard operators: &&, ||, ==, !=, <, >, <=, >=, +, -, *, /, !, in
  • Casbin built-ins: g(), keyMatch*(), regexMatch(), ipMatch(), globMatch(), eval()
  • Custom functions registered via addFunction()

Example

// ❌ Blocked - AviatorScript-specific
eval("seq.list('admin', 'editor')")
eval("string.startsWith(r.path, '/admin')")
eval("lambda(x) -> x * 2")

// ✅ Allowed - Standard Casbin
eval("r.age > 18 && r.role == 'admin'")
g(r.sub, p.sub) && keyMatch(r.path, p.path)
customFunction(r.value)  // User-registered function

Test Coverage

Added ExpressionValidatorTest with 10 test methods covering valid/invalid syntax patterns. All 264 existing tests pass.
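
A sketch of the regex deny-list approach the description above outlines, added here as an illustration; it is not jCasbin's ExpressionValidator, and the class name EvalSyntaxCheck, the patterns and the literal-blanking step are assumptions of this example. Blanking quoted literals before matching keeps request data such as 'return' from being read as syntax, while an unterminated quote is left in place and so fails toward "block".

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/** Added example, not project code: deny-list check for the syntax the PR lists as blocked. */
public class EvalSyntaxCheck {
    // Single- or double-quoted literal, allowing backslash escapes inside it.
    private static final Pattern STRING_LITERAL =
            Pattern.compile("'(?:[^'\\\\]|\\\\.)*'|\"(?:[^\"\\\\]|\\\\.)*\"");

    private static final List<Pattern> BLOCKED = Arrays.asList(
            // seq.*, string.*, math.*; the lookbehind leaves attributes such as r.math alone
            Pattern.compile("(?<![\\w.])(?:seq|string|math)\\s*\\.\\s*\\w+"),
            // control-flow words used as keywords, not as part of r.format or customFunction
            Pattern.compile("(?<![\\w.])(?:lambda|let|fn|for|while|return|if|else)(?!\\w)"),
            // arrow forms; the allowed operators >= and <= contain neither sequence
            Pattern.compile("->|=>"));

    /** True only when no blocked form appears outside string literals. */
    public static boolean isPortable(String expr) {
        if (expr == null || expr.trim().isEmpty()) {
            return false; // fail closed: nothing to evaluate means deny
        }
        // Replace every literal with an empty one so its content cannot match a pattern.
        String code = STRING_LITERAL.matcher(expr).replaceAll("''");
        for (Pattern p : BLOCKED) {
            if (p.matcher(code).find()) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // First five expressions are from the PR description; the last three are constructed.
        String[] samples = {
            "seq.list('admin', 'editor')",
            "string.startsWith(r.path, '/admin')",
            "lambda(x) -> x * 2",
            "r.age > 18 && r.role == 'admin'",
            "customFunction(r.value)",
            "r.action == 'return' && r.format >= 2",  // keyword only inside a literal: allow
            "r.path == '/docs/math.sqrt'",            // namespace only inside a literal: allow
            "r.role == 'admin' || let x = 1"          // keyword outside a literal: block
        };
        for (String s : samples) {
            System.out.printf("%-6s %s%n", isPortable(s) ? "allow" : "block", s);
        }
    }
}
```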

hsluoyz marked this pull request as ready for review February 12, 2026 15:53


codecov-commenter commented Feb 12, 2026

Codecov Report

❌ Patch coverage is 85.18519% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.13%. Comparing base (97d474b) to head (988fa5a).

Files with missing lines Patch % Lines
...java/org/casbin/jcasbin/util/BuiltInFunctions.java 40.00% 3 Missing ⚠️
...a/org/casbin/jcasbin/util/ExpressionValidator.java 95.45% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #514      +/-   ##
==========================================
+ Coverage   67.98%   68.13%   +0.14%     
==========================================
  Files          63       64       +1     
  Lines        3089     3116      +27     
  Branches      574      577       +3     
==========================================
+ Hits         2100     2123      +23     
- Misses        805      809       +4     
  Partials      184      184              


Copilot AI and others added 3 commits February 12, 2026 16:03
Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
…atibility

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix issues with eval() function implementation in jcasbin Block AviatorScript-specific syntax in eval() for cross-platform compatibility Feb 12, 2026
Copilot AI requested a review from hsluoyz February 12, 2026 16:13
hsluoyz changed the title Block AviatorScript-specific syntax in eval() for cross-platform compatibility feat: block AviatorScript-specific syntax in eval() for cross-platform compatibility Feb 12, 2026
hsluoyz merged commit 7149880 into master Feb 12, 2026
1 of 3 checks passed
hsluoyz added a commit that referenced this pull request Feb 12, 2026
Development

Successfully merging this pull request may close these issues.

Issues with Inconsistent eval() Function Implementation and Non-Standard Expression Syntax in jcasbin