Open basil opened 1 year ago
As far as dependabot.yml sections go, package-ecosystem: maven should always be included (except for Gradle-based plugins, of which there are very few), but package-ecosystem: github-actions should only be included if the plugin has a Release Drafter (not inherited from the organization-wide one, as should be the case for automated release) and/or Jenkins Security Scan workflow enabled. If the plugin has a .mvn_exec_node or .mvn_exec_yarn file, package-system: npm could be included as in e.g. active-choices-plugin.
I noticed in jenkinsci/slack-plugin#886 that some plugins have switched from dependabot to renovate. A quick search shows 40 renovate config files.
I'm thinking this dependabot recipe should no-op if one of the supported configuration files is present.
I was about to open an issue with the very same subject, thanks a lot @basil !
Many plugins are missing .github/dependabot.yml, so their dependencies are never updated. If needed, this file should be added per the archetype.