ci(deps): let dependabot watch Python dependencies too

The dependabot config only covered github-actions, so runtime and dev
deps in pyproject.toml stayed in a manual-bump grey zone. Add a `pip`
ecosystem entry grouped under a single `python-deps` group so bumps
arrive as one consolidated PR per week instead of a dozen noisy ones.

Author: oliverandrich

.github/dependabot.yml

@@ -4,3 +4,12 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      python-deps:
+        patterns:
+          - "*"