Add Dependabot Cooldown

[lynnfaraday]

Overview

Add a dependabot cooldown, same as CareEvolution/MyDataHelpsUI#610

Security

REMINDER: All file contents are public.

• I have ensured no secure credentials or sensitive information remain in code, metadata, comments, etc.
• There are no temporary testing changes committed such as API base URLs, access tokens, print/log statements, etc.
• These changes do not introduce any security risks, or any such risks have been properly mitigated.

Describe briefly what security risks you considered, why they don't apply, or how they've been mitigated.

Consider "Squash and merge" as needed to keep the commit history reasonable on main.

Reviewers

Assign to the appropriate reviewer(s). Minimally, a second set of eyes is needed ensure no non-public information is published. Consider also including:

• Subject-matter experts
• Style/editing reviewers
• Others requested by the content owner

[skyguy94]

This adds support for dependabot package updates. Those are different than dependabot security updates. One path is for vulnerabilities and the other is for bugs.

If you want automatic package updates, then this is fine.

https://docs.github.com/en/code-security/concepts/supply-chain-security/about-dependabot-security-updates

[lynnfaraday]

Since this is a public demo, I do think it's worth keeping the packages up to date. I dialed back the frequency to monthly though because we don't need to be quite so aggressive.