trustAllX509Certificates

Insecure. When true, the Agent's HTTP client trusts every X.509 certificate presented by HTTPS scrape targets — no hostname or chain validation. Intended only for self-signed internal endpoints during development; logs a warning at startup. Resolved from CLI → TRUST_ALL_X509_CERTIFICATES env var → agent.http.enableTrustAllX509Certificates config.

Scope is process-global and all-or-nothing: enabling it to reach one self-signed endpoint disables validation for every HTTPS target this agent scrapes. There is no per-target trust override.