ci(dependencies): add dependabot config

[ReenigneArcher]

Double check these details before you open a PR

• PR does not match another non-stale PR currently opened

Features

This PR adds a dependabot configuration to automatically update dependencies. It will automatically create PRs for outdated dependencies of the following types.

• github actions
• npm (all dev dependencies will be grouped into a single PR)
• python/pip (this normally works for requirements*.txt files even in subfolders, but I don't know if will work in the .github directory)

This PR closes NONE

Notes

This will not start working until the file exists on the default branch. Additionally, dependabot will only run the config that exists on the default branch. This is one reason I would suggest making the default branch develop, although there are plenty of other reasons which mostly involve improving the developer experience.

Personally, I set my dependabot config to run daily, but that may be too overwhelming/annoying for this repo, so I changed it to weekly.

For more dependabot config options, here is the official documentation: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

[Snailedlt]

Dependabot is nice to have, but I don't think we should merge this before we get trunk based branching. As it is now it's too much hassle to check if updated dependencies work as expected, and we don't have proper automated tests in order to confidently merge without manually testing.
Once we get rid of the development branch and move to trunk based development, we can reconsider adding dependabot along with some automated tests :)