ci: Add Dependabot

[sjackman]

Enable Dependabot to open PRs to update dependencies.

Related PR

• ci: Add Dependabot ndarray-stats#106

[akern40]

@sjackman would you mind making a related issue that explains what you see to be the benefits of Dependabot? I'm familiar with its security scanning, but I'm not sure what you mean by "open PRs to update dependencies".

[sjackman]

I'm not sure what you mean by "open PRs to update dependencies".

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates

Keeping your dependencies updated automatically with Dependabot version updates
You can use Dependabot to automatically keep the dependencies and packages used in your repository updated to the latest version, even when they don’t have any known vulnerabilities.

Dependabot will open PRs against your repo to keep your dependencies up to date. See for example this PR that @dependabot opened in rust-bio to update petgraph:

• deps: update petgraph requirement from >=0.4, <0.8 to >=0.4, <0.9 rust-bio/rust-bio#632