Always let Dependabot propose Cargo.lock updates

This fixes a bug in the `dependabot.yml` configuration since #1948,
where we intend Dependabot to include the effect of `cargo update`,
but this does not happen because `dependency-type: all` was not
explicitly allowed.

This does not make an analogous change to the Dependabot
configuration for GitHub Actions, because `all` and `direct`
currently have the same effect for them (and it is not obvious how
it would work if that ever changes, or which we would prefer).

For details on why this is needed for Dependabot to update most
locked dependencies in `Cargo.lock` aside from the case where the
update is done as part of updating a `Cargo.toml` dependency, see:

- https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated#allowing-specific-dependencies-to-be-updated
- https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#dependency-type-allow

Author: EliahKagan

.github/dependabot.yml

@@ -7,9 +7,12 @@ updates:
     commit-message:
       # Avoid non-"purposeful" prefix due to Dependabot misdetecting style (see `DEVELOPMENT.md`).
       prefix: ''
+    allow:
+      - dependency-type: all
     groups:
       cargo:
         patterns: ['*']
+
   - package-ecosystem: github-actions
     directory: '/'
     schedule: