enable dependabot for GitHub actions

[ranocha]

This allows to get updates for GitHub actions automatically. I have used this for my own packages, the Trixi.jl framework, and the SciML organization. After merging this, you could also enable other Dependabot actions in 'Settings -> Code security and analysis -> Dependabot alerts' and '... -> Dependabot security updates'.

See SciML/MuladdMacro.jl#37

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.31%. Comparing base (f453201) to head (739ebc3).
Report is 1 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master      #19       +/-   ##
===========================================
+ Coverage   51.55%   75.31%   +23.75%     
===========================================
  Files           7       20       +13     
  Lines         225      397      +172     
===========================================
+ Hits          116      299      +183     
+ Misses        109       98       -11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.