Resolves: Add native GitHub security and versioning dependency alerts

[szlatkow]

• add dependabot.yml which automatically enables Dependabot's dependency versioning scanner and dependency update PRs bot by declaring dependency ecosystems and sources in the project. For dependency security vulnerabilities scanner and vulnerable dependency update PRs bot, enable "Dependabot alerts" and "Dependabot security updates"

• use the target-branch attribute, if you would like to run Dependabot's scan against a branch other than your default branch (for example if you have a separate development branch)

• should you decide that certain people on your team should take care of the PRs that Dependabot creates, use the two attributes assignees and reviewers to automatically set personnel respectively.

Resolves #171

[dnfadmin]

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

:x: szlatkow sign now
_{You have signed the CLA already but the status is still pending? Let us recheck it.}