Clarify Windows hash command constants

Agent-Logs-Url: https://github.com/version-fox/vfox-python/sessions/5852e539-b06d-4c0c-b5d1-b981726a91d9

Co-authored-by: bytemain <13938334+bytemain@users.noreply.github.com>

Author: Copilot

lib/util.lua

@@ -15,6 +15,7 @@ local version_vault_url = "https://vault.vfox.dev/python/pyenv"
 local uv_build_vault_url = "https://vault.vfox.dev/python/uv-build"
 local UV_BUILD_GITHUB_RELEASE_PATTERN = "/releases/download/([^/]+)/([^/]+)$"
 local SHA256_HEX_LENGTH = 64
+local URL_ENCODED_DOT = "%2e"
 
 -- request headers
 local REQUEST_HEADERS = {
@@ -231,7 +232,7 @@ end
 local function containsTraversalSegment(value)
     local normalizedValue = string.gsub(value, "\\", "/")
     local lowerValue = string.lower(normalizedValue)
-    if string.find(lowerValue, "%2e", 1, true) then
+    if string.find(lowerValue, URL_ENCODED_DOT, 1, true) then
         return true
     end
     for segment in string.gmatch(normalizedValue, "[^/]+") do
@@ -472,9 +473,9 @@ local function verifyUvBuildArchive(path, sha256)
 
     local status
     if RUNTIME.osType == "windows" or OS_TYPE == "windows" then
+        local getFileHashScript = "& { param([string]$p) (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash }"
         local command = "powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command " ..
-            shellQuote("& { param([string]$p) (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash }") ..
-            " " .. shellQuote(path)
+            shellQuote(getFileHashScript) .. " " .. shellQuote(path)
         local handle = io.popen(command)
         if handle == nil then
             error("Unable to verify uv-build archive sha256 for " .. path .. ": powershell Get-FileHash command could not be started")