Sanitize query parameters in url.full telemetry

[heaths]

Uses LoggingOptions::additional_allowed_query_params.

[Copilot]

Pull request overview

This PR updates azure_core distributed tracing instrumentation to sanitize query parameter values in the url.full span attribute, aligning trace output with the existing logging allow-list behavior.

Changes:

• Plumbs an allow-list of query parameter names into RequestInstrumentationPolicy and uses Sanitizer::sanitize when setting url.full.
• Derives the allow-list from DEFAULT_ALLOWED_QUERY_PARAMETERS plus LoggingOptions::additional_allowed_query_params during ClientOptions::deconstruct.
• Updates/extends tests to validate default redaction behavior and custom allow-list behavior.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
sdk/core/azure_core/src/http/policies/instrumentation/request_instrumentation.rs	Adds allow-list support to request instrumentation and sanitizes url.full; updates and adds tests.
sdk/core/azure_core/src/http/policies/instrumentation/public_api_instrumentation.rs	Updates tests to construct RequestInstrumentationPolicy with the new allow-list parameter.
sdk/core/azure_core/src/http/pipeline.rs	Passes the merged allow-list into RequestInstrumentationPolicy when building the pipeline.
sdk/core/azure_core/src/http/options/mod.rs	Computes merged allowed query params (defaults + logging additions) and stores them in CoreClientOptions.
sdk/core/azure_core/src/http/options/instrumentation.rs	Documents that logging query allow-list impacts traced URL sanitization.
sdk/core/azure_core/CHANGELOG.md	Adds an entry describing the new sanitization behavior.

[jsquire]

I wouldn't trust my Rust knowledge beyond some very shallow recognition, but the comments that describe the intent seem to match the flow and sanitize appears to be called in the expected locations.