chore: align gh actions and dependabot with ecosystem standard

[edodusi]

With this dependabot will create a single PR "security-updates" with multiple patch updates do deps.
Also a new GH Action will automatically approve any dependabot PR so they can be merged without further approvals.

[silasjoisten]

Cool ! :)

[silasjoisten]

@edodusi to be honest i like the small PRs more of dependabot because its easier to rollback and determine when there was a breaking change in a vendors lib. just to make sure.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.35%. Comparing base (9098c90) to head (b4b1337).

Additional details and impacted files

@@            Coverage Diff            @@
##             master       #7   +/-   ##
=========================================
  Coverage     97.35%   97.35%           
  Complexity      250      250           
=========================================
  Files            59       59           
  Lines          1021     1021           
=========================================
  Hits            994      994           
  Misses           27       27           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[edodusi]

@silasjoisten I get your point. With this one dependabot will only group patch updates, I know that even a patch can potentially break things but to me this is safe enough and it saves some time. And if we later find that this requires more effort from us than what it saves, we can always change strategy. What do you think?