ci: investigate Dependabot version updates

[GraemeWatt]

We could use Dependabot to automatically update package versions of GitHub Actions and Python packages specified in the requirements.txt file. This would be particularly useful in addressing #550. A dependabot.yml configuration file needs to be placed in the repository.

[GraemeWatt]

I've configured Dependabot to check weekly for updates to GitHub Actions and Python packages. I've merged all PRs opened by Dependabot apart from for pytest-cov (#576, need to keep pin <4.0.0) and pluggy (#582, removed direct dependence). There were a couple of problems getting the CI to run for the PRs opened by Dependabot, which I mention below for future reference.

1. Secrets are populated from Dependabot secrets. GitHub Actions secrets are not available. It was necessary to add SAUCE_USERNAME and SAUCE_ACCESS_KEY as Dependabot secrets for the repository before the end-to-end tests could be run via Sauce Labs.
2. GITHUB_TOKEN has read-only permissions by default. The coverage/coveralls check was not being updated, even though coveralls was running successfully. I added (13ed6af) permissions: write-all to the test job. This might be too permissive, as probably only checks: write is needed, but it was simpler to implement.