Configure Dependabot for npm upgrades

[wilkinsona]

Dependabot's PRs for NPM dependency upgrades have unwanted labels so we should provide some configuration for it to use.