Configure Dependabot to also attempt minor/patch updates for dependencies

[tdonohue]

Description

Create dependabot.yml. Add an initial configuration which does the following:

• Checks for dependency updates weekly. Automatically creates PRs for non-major updates (i.e. minor and patch only)
• Configures groups for Angular & NgRx updates to ensure these dependencies are updated together in a single PR. (Otherwise, dependabot will attempt to send a PR per dependency)
• Enables dependabot also on dspace-8_x and dspace-7_x branches (currently, all branches have identical settings)

References

• https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
• https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates

Instructions for Reviewers

I don't believe there is any way to test this other than to apply it and see what Dependabot does.

[tdonohue]

Asked for any objections in Slack #dev channel. No one objected and there was support from @alanorth . So, I'm merging this as-is to test it out. If this works well for the frontend, then we'll want to do something similar for the backend. If it doesn't work, we can revert to only using dependabot for security updates.