Don't render playground code by default #2906
Description
Problem
A security and privacy improvement would be that the playground code in theme/book.js is not rendered to book/book.js upon build if not explicitly enabled in book.toml.
It is a security enhancement because it lowers the attack surface for remote code execution. Even if user sets runnable = false under [output.html.playground] the code is still available in rendered book.js, disabling it (if having Rust code) currently only removes <pre class="playground"> as mentioned in #2897 , i.e. it does not matter what type of book it is, if only using markdown that code is still there by default.
It is a privacy benefit because if using playgrounds, the rust code gets sent to a third party server. Having it disabled by default would make it possible to add to documentation that enabling this feature sends the rust code to a third party server, so only those comfortable with this will enable it.
Current workaround is to comment out playground code in themes/book.js as mentioned in #2887 .
Proposed Solution
There should be a value in book.toml which by default is set to false and this makes so no playground code is rendered in book/book.js.
Notes
No response