Set up dependabot

[troy0820]

Should we set up dependabot for this repo?

It will help us be consistent with the updates that need to happen where this is pulled in as a dep.

[justaugustus]

xref this convo for context:

getporter/porter#3270 (comment):

...but we can merge this and then the other or the other promote to v0.10.0 and then import that to get rid of the indirect dep

@troy0820 — Minor aside that getporter/magefiles does not have Dependabot configured (unlike this repo; unsure if that's intentional), so any future updates on the upstream will require manual intervention (which could cause the magex versions to diverge).

getporter/porter#3270 (comment):

@troy0820 — Minor aside that getporter/magefiles does not have Dependabot configured (unlike this repo; unsure if that's intentional), so any future updates on the upstream will require manual intervention (which could cause the magex versions to diverge).

Yeah, not sure if we want to but it will be good to enforce that there so we can deal with CVEs updates where necessary and uplift that here. We can put an issue there for this. I can merge this PR.

Thanks @justaugustus