Adjust dependabot config to reduce dependabot issue frequency

[mhucka]

Description of the issue

It's good that Dependabot is running and keeping dependencies up to date, but bad because it's creating a lot of individual PRs every week that require developer time spent dealing with them:

Dependabot has some config knobs we can fiddle with. We could try to adjust the config to reduce the spam. We could also investigate the use of auto-merging actions (e.g., merge-me-action) to auto-merge some Dependabot updates that are a low-risk. (E.g., maybe cirq-web JS updates can be auto-merged if they only involve minor version changes.)

[mhucka]

Since the time this issue was written, we've made adjustments to the Dependabot config, and PR #7033 will change it further. I think this issue can be closed; we're making adjustments, and we'll probably continue making them over time, and that was really the main point of this issue.