enable dependabot for GitHub actions

[ranocha]

This allows to get updates for GitHub actions automatically. I have used this for my own packages, the Trixi.jl framework, and the SciML organization. After merging this, you could also enable other Dependabot actions in 'Settings -> Code security and analysis -> Dependabot alerts' and '... -> Dependabot security updates'.

See SciML/MuladdMacro.jl#37

[codecov]

Codecov Report

Merging #214 (e241058) into master (f9f94c1) will decrease coverage by 0.45%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #214      +/-   ##
==========================================
- Coverage   97.92%   97.48%   -0.45%     
==========================================
  Files           4        4              
  Lines         676      675       -1     
==========================================
- Hits          662      658       -4     
- Misses         14       17       +3     

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more