Enable Dependabot for Cargo and GitHub Actions (#103)

* Enable Dependabot for Cargo and GitHub Actions

* Limit Dependabot's Cargo PRs to security fixes

From <https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file>:

> Dependabot default behavior:
>
> - If five pull requests with version updates are open, no further pull requests are raised until some of those open requests are merged or closed.
> - Security updates have a separate, internal limit of ten open pull requests which cannot be changed.
>
> When open-pull-requests-limit is defined:
>
> - Dependabot opens pull requests up to the defined integer value.
> - You can temporarily disable version updates for a package manager by setting this option to zero…

Author: lafrenierejm

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
+---
+# See the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0 # security updates only
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"