
Make dependabot watch workflow files as well #34

Closed
JonasAlfredsson opened this issue Oct 21, 2022 · 2 comments · Fixed by #35

Comments

@JonasAlfredsson
Member

Description

In issue #26 dependabot was added for the Go ecosystem, and it appears to have worked well.
It is possible to expand the configuration to also create updates for dependencies defined in the .github/workflows folder, so they are also up to date.

Motivation

With this we will be notified, and a pull request automatically created, every time there is an update to the dependencies.
It will remove the tedious task of manually checking for updates (and performing them), which is great.

Exemplification

After the introduction of #30 dependabot immediately created #31, #32 and #33.
Something similar will probably happen this time around as well.

Benefits

Using the most recent update is probably preferred so that security fixes are added as soon as they are available.

Possible Drawbacks

It could be that updates to dependencies introduce new bugs, and major version bumps may introduce breaking API changes.
However, I think it is better to run into such issues as soon as possible rather than a year down the line, when we might have multiple dependencies doing major version upgrades at once.
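The change the issue asks for is one more entry in the Dependabot configuration. The file below is an added example of what that looks like, not the repository's own .github/dependabot.yml; the weekly interval is an assumption, and the gomod entry stands in for whatever was added in #26.

```yaml
# .github/dependabot.yml (added example, not the repository's actual file)
version: 2
updates:
  # Go modules: the ecosystem that #26 already enabled (entry reconstructed here)
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"   # assumed cadence

  # Actions referenced by "uses:" lines in .github/workflows/*.yml.
  # The directory is always "/" for this ecosystem; Dependabot finds the
  # workflow files under .github/workflows on its own.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"   # assumed cadence
```

With the github-actions entry present, Dependabot rewrites only the reference after the `@` in `uses:` lines (for example `actions/setup-go@v2` to a newer tag); values under `with:` such as `go-version` are not touched. If the workflows pin actions to a full commit SHA rather than a tag, Dependabot keeps those pins current as well, so the supply-chain benefit of SHA pinning does not come at the cost of manual upkeep.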

JonasAlfredsson added a commit to JonasAlfredsson/eiffelevents-sdk-go that referenced this issue Oct 21, 2022
@magnusbaeck
Member

LGTM as long as it doesn't also upgrade the compiler version:

- name: Set up Go
  uses: actions/setup-go@v2
  with:
    go-version: "1.17.2"

I suppose it only touches the actions themselves.

@JonasAlfredsson
Member Author

If it does something wonky you can actually tune dependabot a bit by just responding to the pull requests it makes.
But I think it will only look at the "uses: " lines when it looks for updates.

JonasAlfredsson added a commit to JonasAlfredsson/eiffelevents-sdk-go that referenced this issue Oct 21, 2022