Component
OBI (eBPF instrumentation)
Problem
Background
Currently, we strip the entire query string from url.full by default to prevent leaking sensitive data (tokens, PII). When url.query is opted in, the full query string is preserved as-is. This provides a safe baseline but doesn't fully align with the OTel HTTP semantic conventions.
What the spec says
Per the semantic conventions:
Sensitive content provided in url.full SHOULD be scrubbed when instrumentations can identify it.
The spec defines a default list of sensitive query parameter keys whose values should be redacted:
AWSAccessKeyId
Signature
sig
X-Goog-Signature
Additionally:
- Matching of query parameter keys against the sensitive list SHOULD be case-sensitive
- When a query string value is redacted, the query string key SHOULD still be preserved (e.g. sig=REDACTED)
- Instrumentation MAY provide a way to override this list via declarative configuration
- Users may signal additional sensitive parameters
Proposed Changes
- url.full: Instead of stripping the entire query string, selectively redact values of known sensitive keys while preserving the rest of the query string
- url.query: When opted in, populate it as a separate attribute with the same redaction rules applied
- Configuration: Provide a way for users to extend the default sensitive key list with additional keys
Example
Input URL: https://api.example.com/path?q=OpenTelemetry&sig=abc123&page=1
| Scenario | Output |
| --- | --- |
| Current (no opt-in) | https://api.example.com/path |
| Expected (no opt-in) | https://api.example.com/path?q=OpenTelemetry&sig=REDACTED&page=1 |
| Expected (opt-in url.query) | url.full: https://api.example.com/path?q=OpenTelemetry&sig=REDACTED&page=1<br>url.query: `q=OpenTelemetry |
Describe the solution you'd like
#2069
Describe alternatives you've considered
No response
Additional context
No response
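
The redaction rules proposed in this issue, shown as an added Go example that is not OBI's own code. The function names, the extra-keys parameter and the percent-decoding of keys before matching are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// newKeySet returns the default sensitive keys listed in the issue plus user-supplied extras (hypothetical config hook).
func newKeySet(extra ...string) map[string]bool {
	set := map[string]bool{"AWSAccessKeyId": true, "Signature": true, "sig": true, "X-Goog-Signature": true}
	for _, k := range extra {
		set[k] = true
	}
	return set
}

// redactQuery replaces the values of sensitive keys with REDACTED; keys, order and all other pairs stay byte-for-byte.
func redactQuery(rawQuery string, sensitive map[string]bool) string {
	pairs := strings.Split(rawQuery, "&")
	for i, pair := range pairs {
		key, _, hasValue := strings.Cut(pair, "=")
		if !hasValue {
			continue // bare key with no value: nothing to redact
		}
		// Assumption: match on the percent-decoded key so "s%69g" is treated as "sig".
		name, err := url.QueryUnescape(key)
		if err != nil {
			name = key
		}
		if sensitive[name] { // exact, case-sensitive lookup
			pairs[i] = key + "=REDACTED"
		}
	}
	return strings.Join(pairs, "&")
}

// redactURL returns (url.full, url.query) with the same redaction applied to both attributes.
func redactURL(full string, sensitive map[string]bool) (string, string) {
	base, query, found := strings.Cut(full, "?")
	if !found {
		return full, ""
	}
	redacted := redactQuery(query, sensitive)
	return base + "?" + redacted, redacted
}

func main() {
	fmt.Println(redactURL("https://api.example.com/path?q=OpenTelemetry&sig=abc123&page=1", newKeySet()))
}
```

Splitting the raw query by hand instead of round-tripping through `url.Values` keeps parameter order and original encoding intact, so the non-sensitive part of `url.full` is unchanged.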