Commit 9b4c12a

Update GraphQL Recommended vs Opt-In requirements
The `graphql.document` is user-inputted, often containing sensitive information, potentially unbounded in length and high-cardinality in the same way as the existing `graphql.operation.name` is warned. For this reason, `graphql.document` is a liability to have listed as `Recommended` without serious infrastructure considerations and needs, making `Opt-In` a better option. In our customer adoption of OpenTelemetry, we've found our GraphQL customers following this configuration/instruction while not understanding the implications. In most cases, the lesser liability of `graphql.operation.name` (the actual operation name) is sufficient, as in many GraphQL deployments there is generally a link between the two which can be correlated out of band. The operation name isn't without its risk, but it's more likely to be dozens of *bytes* of a limited character set rather than dozens, hundreds or potentially thousands of *kilobytes*. In that regard, I've left `graphql.operation.name` as `Recommended`, though the argument could easily be made that it should also be `Opt-In`.
1 parent cfbac6a commit 9b4c12a

1 file changed

+2
-2
lines changed

docs/graphql/graphql-spans.md

Lines changed: 2 additions & 2 deletions
@@ -38,11 +38,11 @@ the span SHOULD be named `GraphQL Operation`.
3838

3939
| Key | Stability | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Value Type | Description | Example Values |
4040
|---|---|---|---|---|---|
41-
| [`graphql.document`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The GraphQL document being executed. [1] | `query findBookById { bookById(id: ?) { name } }` |
41+
| [`graphql.document`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Opt-In` | string | The GraphQL document being executed. [1] | `query findBookById { bookById(id: ?) { name } }` |
4242
| [`graphql.operation.name`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The name of the operation being executed. | `findBookById` |
4343
| [`graphql.operation.type`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The type of the operation being executed. | `query`; `mutation`; `subscription` |
4444

45-
**[1] `graphql.document`:** The value may be sanitized to exclude sensitive information.
45+
**[1] `graphql.document`:** The value SHOULD be sanitized to exclude sensitive information.
4646

4747
---
4848
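Review bot: Footnote [1] on new line 45 now says the value SHOULD be sanitized, but neither the footnote nor the `graphql.document` row on new line 41 says what sanitizing means or puts any bound on the value's size, which is the other risk the commit message raises. Consider stating in [1] that literal argument values are replaced with a placeholder, as the row's own example already does with `bookById(id: ?)`, and that the document may be truncated to a maximum length. The change from `may` to `SHOULD` is also a normative change separate from the `Recommended` to `Opt-In` move named in the commit subject, so it is worth calling out there as well.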
