fix(ci): switch dependabot to chore(deps) prefix and add deps-dev scope

[AbongileBoja]

Summary

• Dependabot was emitting deps: / deps-dev: as commit-message type prefixes
• commitlint rejects those — only the standard Conventional Commits types are in type-enum
• Result: every Dependabot PR fails the "Commit message lint" check, blocking all 17 currently open dependabot PRs (chore: Bump Microsoft.NET.Test.Sdk from 17.14.1 to 18.5.1 #237, chore: Bump Microsoft.Extensions.Caching.Abstractions and 4 others #231, chore: Bump Microsoft.Sbom.Targets from 3.0.1 to 4.1.5 #227, chore: Bump microsoft.dotnet.apicompat.tool from 9.0.100 to 10.0.203 #225, chore: Bump CsCheck from 3.2.2 to 4.6.2 #224, chore: Bump coverlet.collector from 6.0.4 to 10.0.0 #223, chore: Bump BenchmarkDotNet and BenchmarkDotNet.Diagnostics.Windows #222, chore: Bump xunit from 2.9.2 to 2.9.3 #221, chore: Bump Meziantou.Analyzer and 5 others #219, chore: Bump Microsoft.EntityFrameworkCore and 2 others #218, chore: Bump Microsoft.Extensions.Caching.Abstractions and 4 others #217, chore(deps): Bump github/codeql-action from 3.35.2 to 4.35.2 #214, chore(deps): Bump marocchino/sticky-pull-request-comment from 2.9.2 to 3.0.4 #213, chore(deps): Bump softprops/action-gh-release from 2.6.2 to 3.0.0 #212, chore(deps): Bump the actions-core group across 1 directory with 5 updates #211, chore(deps-dev): bump @commitlint/cli from 19.8.1 to 20.5.2 #210, chore(deps-dev): Bump @commitlint/config-conventional from 19.8.1 to 20.5.0 #209)

Fix

• .github/dependabot.yml: all three ecosystems (nuget, github-actions, npm) switched to prefix: chore + include: scope. Dependabot will now emit chore(deps): ... and chore(deps-dev): ...
• .commitlintrc.json: added deps-dev to scope-enum (we already had deps)
• Validated both messages pass npx commitlint locally; the old deps: form correctly fails

Why structural

Editing PR titles wouldn't help — the lint job (.github/workflows/ci.yml:614-617) runs commitlint --from=base.sha --to=head.sha, validating every commit in the range. Closing and reopening 17 PRs by hand is wasteful churn.

Test plan

• npx commitlint accepts chore(deps): bump xunit from 2.9.2 to 2.9.3
• npx commitlint accepts chore(deps-dev): bump @commitlint/cli from 19.8.1 to 20.5.2
• npx commitlint rejects the legacy deps: bump xunit ... form
• Dependabot YAML parses cleanly via js-yaml
• After merge: comment @dependabot recreate on each of the 17 open PRs to regenerate them

Closes #238

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
QuerySpec.Analyzers	93%	84%	133	✔
QuerySpec.Analyzers.CodeFixes	90%	70%	50	➖
QuerySpec.Core	93%	84%	959	✔
QuerySpec.DependencyInjection	92%	75%	43	✔
QuerySpec.EFCore	86%	77%	303	➖
Summary	91% (2118 / 2316)	81% (930 / 1143)	1488	✔