SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

this is the library we use to configure otel: https://github.com/jzelinskie/cobrautil/blob/main/otel.go#L107-L116

the grpc client by default assumes TLS is enabled. I don't think any of the other options make that assumption, so I think we should probably set `WithInsecure` there (and then separately we need to support config for configuring TLS to the collector)

another option that should work without any changes to spicedb would be to ensure that the collector is serving TLS that is trusted by the system pool in the spicedb pod (i.e. by mounting the cert into the spicedb image in the right location)