enable dependabot for GitHub actions

[ranocha]

This allows to get updates for GitHub actions automatically. I have used this for my own packages, the Trixi.jl framework, and the SciML organization. After merging this, you could also enable other Dependabot actions in 'Settings -> Code security and analysis -> Dependabot alerts' and '... -> Dependabot security updates'.

See https://github.com/SciML/MuladdMacro.jl/pull/37

[codecov[bot]]

Codecov Report

Patch and project coverage have no change.

Comparison is base (1218fd2) 78.31% compared to head (89a4ee5) 78.31%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #81 +/- ## ======================================= Coverage 78.31% 78.31% ======================================= Files 10 10 Lines 521 521 ======================================= Hits 408 408 Misses 113 113 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaIO). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaIO)

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.