Disable `ProcessResourceProvider` by default

### Is your feature request related to a problem? Please describe.

By default, auto instrumentation ships `process.command_args`, which is very dangerous as a lot of java services pass in secrets via command line arguments (see example in additional context).

### Describe the solution you'd like

Can we disable this by default? I see there was some agreement to do this in https://github.com/open-telemetry/opentelemetry-java/issues/3240, but the answer in https://github.com/open-telemetry/opentelemetry-java/pull/4231 doesn't quite do that.

### Describe alternatives you've considered

In the interim, we are testing setting `OTEL_JAVA_DISABLED_RESOURCE_PROVIDERS` to `io.opentelemetry.instrumentation.resources.ProcessResourceProvider` for all of our java apps.

### Additional context

```
java \
  -Dkeycloak.clientSecret="${KEYCLOAK_SECRET:-test}" \
  -jar app.jar
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Disable `ProcessResourceProvider` by default #10151

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Disable ProcessResourceProvider by default #10151

Description

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Disable `ProcessResourceProvider` by default #10151