chore: Add dependabot config

[davidspek]

Description of your changes:
This PR adds a dependabot configuration file that targets npm, pip, gomod, and docker.
https://docs.github.com/en/github/administering-a-repository/enabling-and-disabling-version-updates

This should hopefully help tackle #4682 by generating PRs to update the FROM statement in docker files. https://dependabot.com/blog/dependabot-now-supports-docker/

/cc @Bobgy

I've created a script that will scan the repository for files named *ockerfile* but skipping /components/deprecated*, package*.json, go.* and *requirements.txt. It then goes on to create the yaml file for dependabot so it scans the correct directories. It is setup for dockerfiles, npm, gomod and python at the moment, and I believe this should cover almost all the code in the repo. It is trivial to further customize what folders are selected if further customization is needed. It also parses the closest OWNERS file for a given directory and assigns the approvers and adds the reviewers to the PRs it creates.

As it stands now, there are about 130 PRs that will be created with this configuration, so it might be advisable to have some form of plan to implement it in stages or be ready to quickly go through lots of the PRs. Another option is to create a target branch for all these PRs so they can be merged into that first rather than master.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: DavidSpek
To complete the pull request process, please assign ironpan after the PR has been reviewed.
You can assign the PR to them by writing /assign @ironpan in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[davidspek]

I've just figured out that each folder that contains a Dockerfile or package.json need to be specified separately. I'll go through the repo and try to add all the corresponding folders and update this PR so that dependabot will work properly.

[k8s-ci-robot]

@davidspek: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
kubeflow-pipeline-sample-test	34eb305	link	/test kubeflow-pipeline-sample-test
kubeflow-pipeline-e2e-test	34eb305	link	/test kubeflow-pipeline-e2e-test
kubeflow-pipeline-upgrade-test	34eb305	link	/test kubeflow-pipeline-upgrade-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[davidspek]

/assign @Bobgy

[davidspek]

I am holding the PR to have some control over when it gets merged so that the optional test infra doesn't get overloaded if all the repo's were to merge this at the same time.
/hold

[davidspek]

Closing this in favour of #5056