chore(ci): update dependabot.yml to group dependencies #2216

Merged
merged 1 commit into from
May 27, 2025

Conversation

shino
Collaborator

@shino shino commented May 23, 2025

What did you implement:

  • Group all github-actions into a single group
    • To mimic a "cool-down period" manually, wait for two weeks or so before merging dependabot PRs
  • Group gomod modules into three
    • trivy related into a single group
      • heavy manual tests are not needed, and this avoids the merge-rebase loop of multiple PRs
    • vuls related
      • some detection tests should be done manually, in some cases
    • others

There is no "bi-weekly" value for the "interval" key, so this PR uses the "cron" value and the "cronjob" key to specify the schedule.
The "cron" value and "cronjob" key are described in https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cronjob

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

NONE, hope this works after merge

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Reference

@shino shino requested a review from Copilot May 23, 2025 08:35
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR refines Dependabot settings by grouping updates for GitHub Actions and Go modules, and scheduling Go module updates on a custom cron.

  • Adds an “all” group for the first ecosystem (likely GitHub Actions) to bundle every update
  • Switches Go module updates from a monthly interval to a custom cron for 1st and 3rd Mondays and excludes Trivy

Comments suppressed due to low confidence (1)

.github/dependabot.yml:26

  • Dependabot does not recognize the 'cronjob' key; it should be 'cron' to define a custom schedule as per the Dependabot configuration schema.
      cronjob:  "0 0 1-7,15-21 * 1" # on 0 AM at 1st and 3rd Mondays

@shino shino requested a review from Copilot May 23, 2025 08:41
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR refactors the Dependabot configuration to batch related updates and apply a bi-weekly schedule for Go modules.

  • Consolidates all GitHub Actions updates into a single “all” group
  • Adds an “all-but-trivy” group for Go modules and switches its schedule to a cron expression
  • Keeps Docker updates on a monthly cadence

Comments suppressed due to low confidence (2)

.github/dependabot.yml:25

  • Dependabot only accepts 'daily', 'weekly', or 'monthly' for the 'interval' key. Remove this line and rely solely on the 'cron' schedule key.
      interval: "cron"

.github/dependabot.yml:26

  • The correct schedule key is 'cron', not 'cronjob'. Rename this key to 'cron' so Dependabot recognizes the expression.
      cronjob:  "0 0 1-7,15-21 * 1" # on 0 AM at 1st and 3rd Mondays

@shino shino requested a review from MaineK00n May 23, 2025 09:03
Collaborator

@MaineK00n MaineK00n left a comment

How about three groups: vuls, trivy, and others?

vuls group

  • github.com/MaineK00n/vuls-data-update
  • github.com/MaineK00n/vuls2
  • github.com/vulsio/go-cti
  • github.com/vulsio/go-cve-dictionary
  • github.com/vulsio/go-exploitdb
  • github.com/vulsio/go-kev
  • github.com/vulsio/go-msfdb
  • github.com/vulsio/gost
  • github.com/vulsio/goval-dictionary

trivy group

  • github.com/aquasecurity/trivy
  • github.com/aquasecurity/trivy-db
  • github.com/aquasecurity/trivy-java-db

others group
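As an added example (not the file merged in this PR), here is how the three-group layout proposed above, combined with the "cron" interval and "cronjob" key from the PR description, could be written in .github/dependabot.yml; the github-actions interval and the directory values are assumptions, since the page does not state them.

```yaml
version: 2
updates:
  # All GitHub Actions bumps arrive as one PR. The "cool-down period" the
  # PR description asks for is a manual wait before merging, not a config key.
  - package-ecosystem: "github-actions"
    directory: "/"            # assumed; not stated on the page
    schedule:
      interval: "weekly"      # assumed; not stated on the page
    groups:
      all:
        patterns:
          - "*"

  # Go modules on the bi-weekly cron from the PR description.
  - package-ecosystem: "gomod"
    directory: "/"            # assumed; not stated on the page
    schedule:
      interval: "cron"
      cronjob: "0 0 1-7,15-21 * 1"   # 00:00 on the 1st and 3rd Mondays
    # Groups are evaluated in order: a dependency matching several patterns
    # lands in the first group that matches, so "others" only collects what
    # the trivy and vuls groups did not claim.
    groups:
      trivy:
        patterns:
          - "github.com/aquasecurity/trivy"
          - "github.com/aquasecurity/trivy-db"
          - "github.com/aquasecurity/trivy-java-db"
      vuls:
        patterns:
          - "github.com/MaineK00n/vuls-data-update"
          - "github.com/MaineK00n/vuls2"
          - "github.com/vulsio/go-cti"
          - "github.com/vulsio/go-cve-dictionary"
          - "github.com/vulsio/go-exploitdb"
          - "github.com/vulsio/go-kev"
          - "github.com/vulsio/go-msfdb"
          - "github.com/vulsio/gost"
          - "github.com/vulsio/goval-dictionary"
      others:
        patterns:
          - "*"
```

Under POSIX cron rules, restricting both the day-of-month and day-of-week fields makes the entry match when either one does, so confirm how Dependabot evaluates this expression before relying on it firing only on those two Mondays.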

@shino shino force-pushed the shino/dependabot-grouping branch from 6f52537 to d4a9f6c Compare May 27, 2025 01:47
@shino shino force-pushed the shino/dependabot-grouping branch from d4a9f6c to 19b4823 Compare May 27, 2025 01:49
@shino
Collaborator Author

shino commented May 27, 2025

How about three groups: vuls, trivy, and others?

Feels great! Pushed!

@shino shino merged commit 1a5bee3 into master May 27, 2025
8 checks passed
@shino shino deleted the shino/dependabot-grouping branch May 27, 2025 05:53