add dependabot

[zunda-pixel]

• add dependabot
• add Package.resolved to make bot recognize dependency

[colemancda]

I'm fine adding dependabot but I don't want to add the Package.resolved file

[zunda-pixel]

Dependabot can detect major version updates in Package.resolved if the file exists in the repository.
However, if Package.resolved is not present, Dependabot cannot detect updates — except for major version changes.
Example:
If Package.resolved contains version 7.1.0, Dependabot can create a pull request when an update is available, as long as the file is committed.
But if the repository does not include Package.resolved, Dependabot cannot detect library updates, even if a newer version exists.

This seems to be a limitation of Dependabot, but I think it’s better to explicitly add Package.resolved to the repository so that minor version updates can also be detected.

Please let me know if there are any issues with including Package.resolved in the repository.

[colemancda]

This library is supposed to have 0 dependencies, outside of the standard Apple ones. The dependencies it does have are conditional on the build mode, e.g. docs, embedded, code generation, so I don't think it's a good idea to add the Package.resolved file.