Group dependency updates in the dependabot config

This way we'd get fewer PRs for updates, and it would make it easier to handle them.

- see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups--