What you have above is how the smart contract "itself" gets the current time.
When you add anchor.web3.SYSVAR_CLOCK_PUBKEY to your accounts, you're not passing in time from the frontend. You're simply specifying the public key of a system account that stores a cluster of on-chain data relating to time on Solana.
That account is verified by theclock: Sysvar<Clock, 'info> line in your validator and is the authority on handling time in Solana.