ci(dependabot): drop gomod ecosystem — sibling-replace incompatible [skip ci]

Dependabot gomod updates failed on every run because go.mod uses
`replace instant.dev/common => ../common` and `replace instant.dev/proto
=> ../proto`. Dependabot's sandbox clones only this repo so `../common`
and `../proto` don't exist; every `go mod tidy` post-candidate-update
fails with "cannot find module providing package instant.dev/common/*".

This is documented Dependabot behavior: the gomod ecosystem cannot
resolve filesystem replace directives that target paths outside the
cloned repo.

Keeping github-actions ecosystem only — it's self-contained and catches
CVE'd action versions (e.g. the tj-actions/changed-files
supply-chain attack class), which is the higher-severity risk.

Long-term: when common/proto are published as registry modules
(removing the replace directives), gomod can be re-added.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: mastermanas805

.github/dependabot.yml

@@ -1,24 +1,5 @@
 version: 2
 updates:
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: weekly
-      day: monday
-      time: "06:00"
-      timezone: Etc/UTC
-    open-pull-requests-limit: 5
-    groups:
-      gomod-security:
-        applies-to: security-updates
-        patterns:
-          - "*"
-      gomod-minor-patch:
-        applies-to: version-updates
-        update-types:
-          - minor
-          - patch
-
   - package-ecosystem: github-actions
     directory: "/"
     schedule: