JFR report contains access token
The bug
The JFR report generated for a client contains the access token of the logged-in user. A user who shares the report (for example by attaching it to a bug report) therefore unknowingly leaks the credential the client uses to authenticate to Minecraft services.
The underlying issue is probably the way the access token is passed to the client (as a program argument, which JFR records as part of its JVM information); see also related issue MCL-9207 (and follow-up issue MCL-21180).
This problem also existed in previous Minecraft versions; it was reportedly fixed, but has apparently reappeared.
Reproduction steps
- Open a singleplayer world
- Run /jfr start
- Run /jfr stop
- Copy the report path from chat
- Open the file with a text editor, e.g. Notepad++ (the file is binary, not text, but the argument string is stored uncompressed, so a plain text search still finds it)
- Search for "accessToken"
The JFR file contains the access token
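A check a practitioner would want here, added as an example that is not part of the bug report or of Minecraft's own code: a small Python scanner that finds the token in a raw .jfr file the same way the manual text search does, plus a redaction helper that blanks it in place without changing the byte length, so a recording can still be shared. It assumes the launcher passes the token as a --accessToken program argument that JFR records verbatim, and it uses a constructed byte string as a stand-in for a real recording; the function names and the filler bytes are this example's own.

```python
import re
from pathlib import Path

# Assumptions (not from the bug report): the launcher passes the session token to the
# client as a "--accessToken <value>" program argument, JFR records that argument string
# verbatim (jdk.JVMInformation.javaArguments), and the token value consists of
# base64url characters and dots, as a JWT does.
TOKEN_RE = re.compile(rb"(--accessToken[ =])([A-Za-z0-9._\-]+)")


def find_access_tokens(data: bytes) -> list[bytes]:
    """Return every token value that follows an accessToken argument in raw file bytes.

    A plain byte search is enough because the argument string is stored uncompressed
    inside the JFR chunk, which is also why a text editor finds it.
    """
    return [m.group(2) for m in TOKEN_RE.finditer(data)]


def redact_access_tokens(data: bytes, fill: bytes = b"X") -> tuple[bytes, int]:
    """Overwrite each token with a same-length filler and return (new_bytes, count).

    JFR strings are length-prefixed, so the replacement must keep the byte length
    unchanged; otherwise every offset after it would shift and the recording would
    no longer parse in JDK Mission Control.
    """
    count = 0

    def repl(m: re.Match) -> bytes:
        nonlocal count
        count += 1
        return m.group(1) + fill * len(m.group(2))

    return TOKEN_RE.sub(repl, data), count


def scan_file(path: str) -> list[bytes]:
    """Scan a .jfr file on disk and return the tokens it leaks (empty list if none)."""
    return find_access_tokens(Path(path).read_bytes())


def redact_file(src: str, dst: str) -> int:
    """Write a redacted copy of src to dst and return how many tokens were blanked."""
    redacted, count = redact_access_tokens(Path(src).read_bytes())
    Path(dst).write_bytes(redacted)
    return count


# Constructed stand-in for a JFR chunk: the real file is binary, so the argument string
# is surrounded by arbitrary non-text bytes. The leading magic "FLR\0" matches real JFR
# files; everything else here is filler, not a faithful JFR encoding.
SAMPLE_JFR = (
    b"FLR\x00\x00\x00\x02\x00\x00\x00\x11\xa3\x07"
    + b"--username Steve --version 1.19 --accessToken eyJhbGciOi.dummy.token"
    + b" --uuid 00000000-0000-0000-0000-000000000000"
    + b"\x00\x9c\xff\x01"
)


if __name__ == "__main__":
    found = find_access_tokens(SAMPLE_JFR)
    print("tokens found:", found)
    redacted, n = redact_access_tokens(SAMPLE_JFR)
    print("redacted", n, "token(s); length unchanged:", len(redacted) == len(SAMPLE_JFR))
```

To check a real recording, call scan_file() with the path copied from chat; a non-empty result means the report must not be shared as-is. redact_file() keeps the file the same size on purpose, so the redacted copy still opens in JFR tooling, but it only handles the command-line copy of the token; if the same value is stored elsewhere in the recording under another name, a search for the token bytes themselves is the safer follow-up.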
2022-06-14, 08:54 PM
2022-07-06, 12:07 PM