Figure out what to do with Dependabot

[Eric-Arellano]

Due to now testing all notebooks when requirements.txt change (https://github.com/Qiskit/documentation/pull/1831), dependabot now fails. That's because it cannot access the GitHub Actions Secret due to GitHub's security defaults. See https://github.com/Qiskit/documentation/pull/1839 for an example failure.

We have two options:

1. Stop using Dependabot and manually update the versions when new releases happen.
2. Ask the security team if we can give Dependabot access to the secret.

Update: we agree to get rid of Dependabot for Python requirements. TODOs:

• Set up Dependabot for JavaScript dependencies
• Document the process for new API releases (gen docs, update search index, update testing requirement version)

[frankharkins]

I think keeping the Python dependabot is still useful. All we need is for a maintainer to push a commit to that branch to get CI to run (see my merge commit in https://github.com/Qiskit/documentation/pull/1879: the token loads correctly).

[Eric-Arellano]

Apparently dependabot already runs for JavaScript. Frank has a good point that it's still valuable to keep for Python.

So I think the only possible action is if we want to update the README? I'm not sure if that's necessary.