ci: deduplicate Dependabot ecosystem and group routine action bumps

Dependabot's github-actions ecosystem at directory `/` already
recursively scans `.github/workflows/` — the second entry pointed at
`/.github/workflows` was producing two PRs for every action update.
Remove it.

Group minor/patch bumps so the weekly Monday run yields one PR per
group instead of five for routine actions/* version updates. Major
bumps still arrive as individual PRs because they're more likely to
need review.

This commit also has the side effect of triggering Dependabot's
manifest-change re-scan, which is how the previously-closed PRs (left
orphaned by the force-push during the v0.1.0 release) get re-created
against the current main.

Author: imanimanyara

.github/dependabot.yml

@@ -1,7 +1,9 @@
 version: 2
 
 updates:
-  # GitHub Actions used in this repo's workflows.
+  # GitHub Actions. Dependabot's github-actions ecosystem at directory `/`
+  # already scans `.github/workflows/` recursively — a second entry pointed
+  # at `/.github/workflows` would duplicate every PR.
   - package-ecosystem: github-actions
     directory: /
     schedule:
@@ -16,19 +18,11 @@ updates:
     labels:
       - dependencies
       - github-actions
-
-  # Catches updates to the workflow files under .github/workflows/.
-  - package-ecosystem: github-actions
-    directory: /.github/workflows
-    schedule:
-      interval: weekly
-      day: monday
-      time: "06:00"
-      timezone: America/New_York
-    open-pull-requests-limit: 10
-    commit-message:
-      prefix: ci
-      include: scope
-    labels:
-      - dependencies
-      - github-actions
+    groups:
+      # Roll patch/minor updates together so we don't get five PRs every
+      # Monday for routine actions/* version bumps. Majors stay separate.
+      actions-minor:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch