Channel: Issues for Drupal core

Allow opt-out of automatic meta.drupal_internal__target_id on entity relationships


Problem/Motivation

#3036593: "Add 'drupal_internal__target_id' to JSON:API representation of entity reference fields, because that can't be retrieved from the target resource for target entity types without corresponding resources" added a meta.drupal_internal__target_id value on the relationship identifier for entity reference fields; this is super helpful to client-side implementations to filter by Drupal IDs, rather than UUID.

There are some circumstances (user IDs, for instance) where I would like to hide Drupal's internals entirely. Serial fields in particular can leak information relating to the site's total user count, or the relative age of a user, or whatever, from the ID.

This isn't a huge issue, and enumeration of Drupal users (and other entities) by ID is not considered a security risk per se, but this value's automatic inclusion makes it harder to build a site that is API-forward in using UUIDs everywhere.

Because the JSON:API module exposes a very limited PHP API, this is difficult to adjust in contrib or custom code.

It might be interesting to couple this with an opt-out of all the drupal_internal__* meta members, but this may be too edge a use case to make sense in core. The issue is mostly that this is pretty difficult to opt out of without hacking core, since there is no real hook point to adjust this.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet
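
An added example, not part of the original issue and not Drupal core code: a stand-alone audit over a JSON:API document that reports every drupal_internal__* meta member on relationship identifiers and returns a copy with them stripped. The sample document, its UUIDs and IDs, and the function names are constructed for illustration.

```python
import copy

PREFIX = "drupal_internal__"

# Constructed sample document; UUIDs and IDs are made up for illustration.
SAMPLE = {
    "data": {
        "type": "node--article",
        "id": "11111111-1111-4111-8111-111111111111",
        "relationships": {
            "uid": {"data": {"type": "user--user",
                             "id": "22222222-2222-4222-8222-222222222222",
                             "meta": {"drupal_internal__target_id": 1523}}},
            "field_image": {"data": [{"type": "file--file",
                                      "id": "33333333-3333-4333-8333-333333333333",
                                      "meta": {"alt": "Logo",
                                               "drupal_internal__target_id": 88}}]},
            "field_editor": {"data": None},  # empty to-one relationship
        },
    },
}

def identifiers(doc):
    """Yield (resource type, relationship name, identifier) for data and included."""
    data = doc.get("data") or []
    resources = (data if isinstance(data, list) else [data]) + doc.get("included", [])
    for res in resources:
        for name, rel in (res.get("relationships") or {}).items():
            rel_data = rel.get("data") or []  # None/[] means no target
            for ident in rel_data if isinstance(rel_data, list) else [rel_data]:
                yield res.get("type"), name, ident

def find_internal_ids(doc):
    """List (resource type, relationship, meta key, value) for each exposed ID."""
    return [(rtype, name, key, value)
            for rtype, name, ident in identifiers(doc)
            for key, value in (ident.get("meta") or {}).items()
            if key.startswith(PREFIX)]

def strip_internal_ids(doc):
    """Return a deep copy with drupal_internal__* meta members removed."""
    out = copy.deepcopy(doc)
    for _, _, ident in identifiers(out):
        kept = {k: v for k, v in (ident.get("meta") or {}).items()
                if not k.startswith(PREFIX)}
        if kept:
            ident["meta"] = kept
        else:
            ident.pop("meta", None)  # drop an emptied meta object entirely
    return out
```

Running find_internal_ids over captured API responses in a test suite gives a regression check that serial IDs stay out of a UUID-only API.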

