ci(dependabot): restore cargo PR limit so security + version PRs flow

Aligns with hyperpolymath/rsr-template-repo#37: open-pull-requests-limit: 0
empirically suppressed Dependabot SECURITY PRs in addition to version
updates. Restoring limit: 10 with grouped minor/patch updates to keep
noise contained while letting security advisories flow.

Author: hyperpolymath

.github/dependabot.yml

@@ -18,7 +18,14 @@ updates:
     # `ignore: "*" patch` rule also silenced security PRs under GitHub\'s
     # current Dependabot behaviour. See rsr-template-repo commit 78b050e
     # and 007-lang/audits/audit-dependabot-automation-gap-2026-04-17.md.
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 10
+    groups:
+      cargo:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
 
   - package-ecosystem: "npm"
     directory: "/"
@@ -28,4 +35,4 @@ updates:
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "weekly"