Overhaul our github actions for better dep updates & testing

[aarongable]

This PR is based on the recommendations at https://words.filippo.io/dependabot/

Create a new github action which runs on a daily cron. It checks out Boulder, then updates all of our dependencies (go, DOCKERFILE, and docker-compose), then actually runs the tests. If this fails, then it indicates to us that one of our dependencies has introduced a breaking change, and we need to investigate. GitHub's action notification mechanism will let us know. This requires a new script which can parse our docker-compose file, look for newer versions of our images, and write them back to the file. This script was written by an LLM.

Move the govulncheck action out of CI and into this scheduled cron workflow. It's very annoying when govulncheck blocks unrelated PRs, so moving it out of the CI workflow makes sense. And our "all CI jobs must pass" job wasn't depending on the result of govulncheck anyway.

With those new actions established, simplify our dependabot config. Now it will only ever open PRs to update certain go dependencies that we know we always want to take the latest version of: those we maintain ourselves, plus the PSL and ZLint. At the same time, reorganize the dependabot config to have consistent ordering and formatting between the three major stanzas.

While we're here, make other minor fixes to our various workflows, such as standardizing stanza order, fixing bad indentation, updating the name we use for hotfix release branches, etc.