fix: add dependabot cooldown configuration to resolve zizmor findings

Add default-days: 7 cooldown to all three dependabot update entries
(docker x2, github-actions x1) to satisfy the dependabot-cooldown audit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: reberhardt7

.github/dependabot.yml

@@ -15,6 +15,8 @@ updates:
     commit-message:
       prefix: "chore"
       include: "scope"   # → chore(deps): bump trivy from 0.69.2 to 0.69.3
+    cooldown:
+      default-days: 7
 
   # app_tests Dockerfile — same as above, plus golang and securego/gosec.
   - package-ecosystem: "docker"
@@ -27,6 +29,8 @@ updates:
     commit-message:
       prefix: "chore"
       include: "scope"
+    cooldown:
+      default-days: 7
 
   # GitHub Actions — tracks all uses: ... action versions.
   - package-ecosystem: "github-actions"
@@ -39,3 +43,5 @@ updates:
     commit-message:
       prefix: "ci"
       include: "scope"   # → ci(deps): bump actions/checkout from v3 to v4
+    cooldown:
+      default-days: 7