Add workflow to auto-merge dependabot PRs

[jpmckinney]

How to: https://blog.phaizel.com/auto-merge-dependabot-pr-with-github-actions

Add workflows to:

• [x] repositories with dependabot.yml, except those where merging causes a deployment
• [x] cookiecutter (maybe add prompt about auto-deployment, per security issue below)
• [x] extension template
• profile template Not used, as merging causes a deployment

Original with more security concerns: https://blog.somewhatabstract.com/2021/10/11/setting-up-dependabot-with-github-actions-to-approve-and-merge/

• [x] Don't use the workflow if a merge causes a deployment (e.g. GitHub Pages for Extension Explorer, OCDS profiles that deploy to the docs server)
• [x] Don't add more to the workflow https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

[jpmckinney]

If we get major upgrades again to dev dependencies, we can try using steps.dependabot-metadata.outputs.dependency-type matching direct:development (I think this is equivalent to Dependabot emails wth "deps-dev" in the subject).

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow

[jpmckinney]

Had to edit the precommit job: https://github.com/open-contracting/lib-cove-oc4ids/commit/a627685f709ae7c1daa109273d67a569af38ce5a