enable dependabot for GitHub actions

[ranocha]

This allows to get updates for GitHub actions automatically. I have used this for my own packages, the Trixi.jl framework, and the SciML organization. After merging this, you could also enable other Dependabot actions in 'Settings -> Code security and analysis -> Dependabot alerts' and '... -> Dependabot security updates'.

See SciML/MuladdMacro.jl#37

[luraess]

I do not really see the advantage of automatising such actions. What does the bot bring additionally?

[ranocha]

Some of the actions that you're using are deprecated. For example, I see

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2, actions/cache@v1, codecov/codecov-action@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

in some of your latest CI runs such as https://github.com/JuliaGPU/AMDGPU.jl/actions/runs/5937028661

I don't know how GitHub will handle this in the future. In their blog, they write

What you need to do

For Actions maintainers: Update your actions to run on Node16 instead of Node12 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node16 (Using versions for Actions)

Dependabot will do the latter for you (by creating a PR)