ci(renovate): Use security best practices

- Add config:best-practices to extends (pins digests, GitHub Action digests, config migration, dev dep pinning, abandonment alerts, npm min release age)
- Enable dependencyDashboard (currently false, required by best practices)
- Add minimumReleaseAge: "14 days" to the automerge rule — prevents merging malicious packages before registries can pull them
- Enable osvVulnerabilityAlerts and vulnerabilityAlerts

Author: amilcarlucas

renovate.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [],
+  "extends": ["config:best-practices", ":semanticCommits"],
   "enabledManagers": ["pre-commit", "custom.regex"],
   "repositories": ["ArduPilot/MethodicConfigurator"],
   "platform": "github",
@@ -21,6 +21,7 @@
     {
       "matchManagers": ["pre-commit"],
       "automerge": true,
+      "minimumReleaseAge": "14 days",
       "pinDigests": true,
       "rangeStrategy": "pin"
     },
@@ -45,7 +46,11 @@
     }
   ],
   "pin": {"enabled": true},
-  "dependencyDashboard": false,
+  "dependencyDashboard": true,
+  "osvVulnerabilityAlerts": true,
+  "vulnerabilityAlerts": {
+    "enabled": true
+  },
   "ignorePaths": ["**/node_modules/**", "**/bower_components/**", "**/.git/**"],
   "customManagers": [
     {