I would argue that using assert for argument validation on public methods is bad practice in general. assert is intended to fail early whenever (due to a bug) a condition becomes true that the developer is sure “could never happen”.
For example, “I know for certain that this list here has an even number of items; but if it didn’t, the code later on would not work properly and might throw confusing exceptions, because it relies on the fact that the number should be even. By using assert, I can state the precondition as code, and fail early, if a bug gets introduced that breaks the precondition.”
This should cover exactly your case, except not for private methods. The reason is, like @bduderstadt pointed out, assert is meant to check internal states/conditions/constraints for which the developer is sure they hold true unless the developer made a mistake. Since private methods cannot be called by anyone else, parameters of private methods can be considered part of the internal state, and hence, using assert should be allowed.
I think we should extend the rule though so that also protected and package-protected methods are reported because they can be called from outside the class. I created a ticket here.