Implement workflows for dependency updates

[CasperWA]

Closes #958

These workflows are similar to the ones in the OPTIMADE Gateway (see https://github.com/Materials-Consortia/optimade-gateway).

The following is done:

• Run Dependabot updates every Monday at 5 UTC.
• Merge into/reset permanent, dedicated dependabot branch whenever there is a new push to master (the default branch).
• Create a PR every Wednesday at 6:30 UTC, requesting to merge a copy of the dedicated dependabot branch into master.
  As a bonus, before opening this PR, an attempt is made at also updating the pre-commit hooks and running pre-commit to commit any changes.
• Enable "auto-merge" for all Dependabot-created PRs.

Remaining issues/manual labour:

• Update setup.py with dependencies according to the Wednesday PR.
• Fix pre-commit if issues arise when running it.
• Fix Dependabot dependency PRs if they do not pass the CI tests.

[codecov]

Codecov Report

Merging #979 (4407117) into master (98175d3) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #979   +/-   ##
=======================================
  Coverage   92.92%   92.92%           
=======================================
  Files          67       67           
  Lines        3787     3787           
=======================================
  Hits         3519     3519           
  Misses        268      268           

Flag	Coverage Δ
project	92.92% <ø> (ø)
validator	92.92% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 98175d3...4407117. Read the comment docs.

[JPBergsma]

Good idea to automate the dependency updates further.
I did not see anything wrong with the changes you made but I do think it would be good if Matthew looked at it as well as I do not know much about setting up git actions.

[ml-evs]

This will definitely save some time, thanks @CasperWA!

Couple of general comments:

• I can foresee is occasionally we have to manually ask dependabot to recreate PRs after another PR has been merged into dependabot_updates. We can see how we go with it though.
• What happens if we don't merge the Wednesday PR before the next one is created? It looks like the dependabot branch gets reset either way?

A few specific comments:

[CasperWA]

Couple of general comments:

• I can foresee is occasionally we have to manually ask dependabot to recreate PRs after another PR has been merged into dependabot_updates. We can see how we go with it though.

It might. However, since we're not making changes to the PRs when activating the auto-merge it shouldn't be crucial.
But then again, since we're disabling the automatic rebasing - yeah...

• What happens if we don't merge the Wednesday PR before the next one is created? It looks like the dependabot branch gets reset either way?

Bad things could happen I think. I haven't tested this. Although I think it may just delete/overwrite the ci/update-dependencies burner branch with the newer updates from dependabot_updates?
It's worth maybe looking at the action documentation, specifically this section.

[ml-evs]

Thanks @CasperWA, let's see how this goes 🙃