Let's try dependabot

[tedinski]

Description of changes:

This seems like a simple and quick addition, so let's see what happens.

This should get us dependency update PRs (for cargo deps + github actions) every monday, if I'm reading the docs right.

Call-outs:

This is the config for dependabot updates, which is different from the dependabot alerts thing that just checks for security issues.

One thing I'm concerned about is the lack of grouped updates: dependabot/dependabot-core#1190

We might get a PR for every updated dependency individually, which is maybe awful and not what we want.

Testing:

• How is this change tested? yolo

• Is this a refactor change? no

Checklist

• Each commit message has a non-empty body, explaining why the change was made
• Methods or procedures are documented
• Regression or unit tests are included, or existing tests cover the modified code
• My PR is restricted to a single feature or bugfix

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

[tedinski]

I changed my mind, lack of batching is killer