enable dependabot for GitHub actions

[ranocha]

This allows to get updates for GitHub actions automatically. I have used this for my own packages, the Trixi.jl framework, and the SciML organization. After merging this, you could also enable other Dependabot actions in 'Settings -> Code security and analysis -> Dependabot alerts' and '... -> Dependabot security updates'.

See https://github.com/SciML/MuladdMacro.jl/pull/37

[codecov[bot]]

Codecov Report

Patch and project coverage have no change.

Comparison is base (a52b2ab) 87.08% compared to head (fdeec6e) 87.08%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #89 +/- ## ======================================= Coverage 87.08% 87.08% ======================================= Files 3 3 Lines 209 209 ======================================= Hits 182 182 Misses 27 27 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaMath). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaMath)

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.