I believe that publish is restricted from recursing beyond a certain depth for security reasons, but I'd like to be able to enable arbitrary recursion in test environments to more easily troubleshoot issues. What config should I change to enable that?
Please keep in mind that this feature should be used with care on the publish side.
It exposes a lot of internal information to the broad public, potentially including personally identifiable information (PII) such as user names of content authors that are often their e-mail addresses (see jcr:createdBy, cq:lastReplicatedBy, jcr:lastModifiedBy). If you increase the allowMaxResults to high values and expose that on the publish side, an external party could use that mechanism to extract your content including lots of details about content creation, content authors and your application in a structured way. Usually, this is not desired and could even pose a security risk. By default, the JSON selector is (and should be) blocked by the dispatcher filter configurations.
If you want to consume content in JSON format for external usage there are other methods that handle similar requirements. So the main question is about your use case and what you want to achieve with this.
Please take a look at the following resources for alternative approaches: