containerbuildsystem / cachi2

Cachi2 is a CLI tool that pre-fetches your project's dependencies to aid in making your build process network-isolated.
GNU General Public License v3.0

Extend the dependabot schedule interval to monthly (from weekly) #450

Closed eskultety closed 6 months ago

eskultety commented 8 months ago

Even after 041ada3969b5cb62ee70063186822a0614ad5d15, which changed the schedule from daily -> weekly, it's still a fair amount of noise that dependabot creates with its PRs. Realistically though, there aren't that many relevant changes in the dependencies that we should spend any more time than necessary to evaluate, so having a monthly scan should suffice. In case there's a vulnerability found, there's a separate process path for dependabot in which it'll open a PR once a fix is available, so we'd really not miss out on anything, quite the opposite, it should give us a nice long quiet period with no potential stability issues/breakages.

eskultety commented 6 months ago

While at it, there are a couple more things we could address along with adjusting the schedule: