Update Dependabot configuration for GitHub Actions and Maven

[stweil]

Added configuration for GitHub Actions and Maven updates.

[stweil]

@solth, this configuration can help with keeping the dependencies up to date.

As soon as this file is added, Dependabot can be configured to create pull requests for dependency updates (see advanced security settings of the project).

There already exist a lot of such updates for GitHub actions and Maven packages (see https://github.com/stweil/kitodo-production/pulls).

Dependabot can automatically assign labels to the created pull requests. These labels are to be discussed und must match existing or newly created labels.

[stweil]

These labels are optional. Any label can be configured here.

[stweil]

See comment above.

[stweil]

If desired, we can remove this part and start with updates for GitHub actions only.

[solth]

As soon as this file is added, Dependabot can be configured to create pull requests for dependency updates (see advanced security settings of the project).

@stweil Dependebot integration is already configured in the repository settings and Dependebot has been opening pull requests in this repository since many years, see https://github.com/kitodo/kitodo-production/pulls?q=is%3Apr+is%3Aclosed+author%3Aapp%2Fdependabot
Why is an additional GitHub action required?

[stweil]

It's not an additional GitHub action, but a configuration file which is required for the additional Dependabot setting ("Dependabot version updates"). Without it, there won't be automated pull requests for updates of GitHub actions, for example. The current settings only create pull requests for security updates. We are free to decide whether we also want to get pull requests for non-security updates (which might be bug fixes!).

[stweil]

@solth, I'd remove the "draft" status as soon as you are happy with the current labels (dependencies, github-actions and java) and update targets (github-actions and maven).