Add dependabot config

[michaelosthege]

What is this PR about?
Ideally I'd like to have dependabot bump our PyTensor version pin, but as of 2023-01 it does not yet support conda environments, and the fact that we have versions pinned in environment.yml and requirements.txt at the same time will further complicate things.

However, we can already use it to keep our GitHub Actions updated.

Checklist

• Explain important implementation details 👆
• Make sure that the pre-commit linting/style checks pass.
• Link relevant issues (preferably in nice commit messages)
• Are the changes covered by tests and docstrings?
• Fill out the short summary sections 👇

Maintenance

• Added dependabot to keep GitHub Actions updated.

[maresb]

Ah, I was just wondering myself how to update GHA. I found this but it's complicated due to the fact that the standard ${{secrets.GITHUB_TOKEN}} doesn't allow creating PRs which modify the .github/workflows directory. (You have to set up a bot account.)

I haven't used dependabot yet myself, and this is some deliciously simple declarative conf, and seems much simpler than the above action. I'm very interested in seeing if this works as expected so that I can apply it elsewhere.

[michaelosthege]

dependabot is a very active contributor to McBackend: https://github.com/michaelosthege/mcbackend/pulls?q=is%3Apr+is%3Aclosed

Over there I use it to update requirements.txt too