Update release workflow
- Updated the versions of various actions in the workflow
- Added a dependabot config that should automatically send in PRs for updates to these actions
- Switch to use PyPI "trusted publisher" (see below)

PyPI's new trusted publisher support allows configuring, on the PyPI project, a specific GitHub Actions workflow (and, optionally, an environment, like your "pypi" environment) that is permitted to publish to PyPI. Using the existing publication action you're using from PyPA, GitHub and PyPI will automatically exchange the needed (short-lived) tokens to permit the publication. This eliminates having a persistent, shared secret that is associated with a particular user account; instead everything uses short-lived tokens and configuration that is done at the project infrastructure level.

If you're happy proceeding this way, the additional steps with this PR are:
- [ ] Remove the `PYPI_TOKEN` from the PyPI environment
- [ ] Delete the token from the user account
- [ ] Configure the python-awips pypi project to trust the `release.yml` workflow
I can confirm this workflow worked without any problems for the most recent MetPy release.