JDBC Instrumentation exposes password via db.user

[cleverchuk]

Describe the bug
For a JDBC url of the format jdbc:mysql://username:password@host:port/db for MySQL, the instrumentation sets the db.user semantic attribute as username:password. This inadvertently exposes the database password.

Steps to reproduce

• Clone this repo or create your own
• Open complete project folder
• In the application properties replace spring.datasource.url=jdbc:mysql://${MYSQL_HOST:localhost}:3306/db_example with spring.datasource.url=jdbc:mysql://springuser:ThePassword@${MYSQL_HOST:localhost}:3306/db_example
• Comment out:
  • spring.datasource.username=springuser
  • spring.datasource.password=ThePassword
• Replace the content of docker-compose.yml with

       services:
         mysql:
           image: mysql
           ports:
             - "3306:3306"
           expose:
             - "3306"
           environment:
             - MYSQL_USER=springuser
             - MYSQL_PASSWORD=ThePassword
             - MYSQL_DATABASE=db_example
             - MYSQL_ROOT_PASSWORD=root
           volumes:
             - "./conf.d:/etc/mysql/conf.d:ro"
  

• Start the mysql container
• Run app with agent attached
• Inspected exported span for db.user attributes value

What did you expect to see?
The semantic attribute db.user should contain only springuser

What did you see instead?
The semantic attribute db.user contains springuser:ThePassword

What version are you using?
1.22.0

Environment
Compiler: openjdk version "11.0.18" 2023-01-17 LTS
OS: Mac OS Monterey
Runtime: Same as above
OS: Same as above

Additional context
Add any other context about the problem here.