Closed zxt-tzx closed 2 years ago
Example of bug induced by mergify's automatic merging: https://github.com/opengovsg/askgovsg/commit/e1be4ff2ace6faae96e4b578e4cff2bd6eec3a89
Example of dependency-pinning: https://github.com/opengovsg/postmangovsg/pull/1578
Given that ts-template is meant to be a starting base for new products built by engineering, we want to keep deps in this particular repository as recent as possible, to ensure that they start with the most recent packages.
This should be sustained even as engineers continue to build out their product; any stability risk from dep changes can be mitigated by the fact that the products would not be heavily used in their early days.
Engineers are free to discard the rolling dep updates at any point in their dev process once this template is used to start their codebase.
In mergify.yml, currently non-major dependabot upgrades are automatically merged into develop.
I discussed with @timotheeg and @lamkeewei, and it seems like this is a bad idea (node-ipc example here). It might be OK to do automatic merging if the repo is very well-tested, so that we can be sure that everything works as intended. But I don't think that's a standard we can assume all repos meet.
In fact, for mission-critical products, it might be even better to err on the side of caution and pin dependencies to explicit versions and do controlled, tested upgrades.
As such, insofar as ts-template is supposed to embody a set of safe defaults, I don't think the current auto-merging of dependency upgrades is such a default.
(As a side note, can I be given access rights to this? Tried to create a PR but was blocked.)
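As an added example, not from the issue above or from the ts-template repo: a small Node.js check that reports every entry in a package.json that is not pinned to an exact version, which is one way to verify the "pin dependencies to explicit versions" approach the issue discusses. The sample package.json is constructed for illustration, and the function names (`classifySpec`, `findUnpinned`, `report`) are my own; the script does not read the real repo or touch the network.

```javascript
// Added example: audit a package.json object for dependencies that are not
// pinned to one exact version (e.g. "^4.17.21", "~9.2.1", "*", ">=1 <2").
// Caret/tilde ranges let a fresh install pull a newer release than the one
// that was tested; an exact pin plus a lockfile makes upgrades deliberate.

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Specifiers that do not point at the npm registry at all (git, file, URL...).
const NON_REGISTRY = /^(?:git(?:\+\w+)?:|github:|file:|link:|workspace:|https?:)/;
// GitHub shorthand such as "owner/repo" or "owner/repo#ref".
const GITHUB_SHORTHAND = /^[\w.-]+\/[\w.-]+(?:#.*)?$/;

// Classify one version specifier as "exact", "range" or "non-registry".
function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT_VERSION.test(s)) return "exact";
  if (NON_REGISTRY.test(s) || GITHUB_SHORTHAND.test(s)) return "non-registry";
  // Alias form "npm:real-name@version": judge the version after the last "@".
  if (s.startsWith("npm:")) {
    const at = s.lastIndexOf("@");
    return at > 4 ? classifySpec(s.slice(at + 1)) : "range";
  }
  // Everything else (^, ~, >=, ||, x, *, "latest", empty) can float.
  return "range";
}

// Return every dependency in the given sections that is not an exact pin.
function findUnpinned(pkg, sections = ["dependencies", "devDependencies"]) {
  const findings = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample package.json for the demo (not from any real repo).
const SAMPLE_PACKAGE_JSON = {
  name: "sample-app",
  dependencies: {
    express: "4.18.2",               // exact pin: fine
    lodash: "^4.17.21",              // caret range: floats within 4.x
    "some-lib": "~9.2.1",            // tilde range: floats within 9.2.x
    "other-lib": ">=1.0.0 <2.0.0",   // explicit range
    "my-fork": "github:example/my-fork#v1" // not a registry version at all
  },
  devDependencies: {
    typescript: "4.9.5",             // exact pin: fine
    jest: "*"                        // anything goes
  }
};

// Print findings and return the count, so a CI step can fail on non-zero.
function report(pkg) {
  const findings = findUnpinned(pkg);
  for (const f of findings) {
    console.log(`${f.section}/${f.name}: "${f.spec}" is a ${f.kind} specifier, not an exact pin`);
  }
  return findings.length;
}

report(SAMPLE_PACKAGE_JSON);
```

To run it against a real project, replace `SAMPLE_PACKAGE_JSON` with `JSON.parse(fs.readFileSync("package.json", "utf8"))` and exit non-zero when `report` returns a count above zero. Note that git and URL specifiers are reported separately as "non-registry" rather than treated as pins, since a branch or tag reference can also move.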