ci: use Dependabot to bump GitHub Actions

[Molkree]

This will keep the various GH Actions used in workflows up to date.
I set the interval to daily and not weekly/monthly but I believe it shouldn't create too much noise because:

• major versions of Actions are not updated too often (every few months) and we only pin to major version
• this doesn't produce any new runs in the Actions tab
  We will just get pull requests sooner.

I recommend merging #1711 before this PR.

[codecov-commenter]

Codecov Report

Merging #1712 (d627790) into main (4000393) will decrease coverage by 0.15%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1712      +/-   ##
==========================================
- Coverage   79.54%   79.38%   -0.16%     
==========================================
  Files         299      299              
  Lines        6311     6311              
  Branches     1033     1033              
==========================================
- Hits         5020     5010      -10     
- Misses       1074     1083       +9     
- Partials      217      218       +1     

Flag	Coverage Δ
longtests	79.38% <ø> (-0.16%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cve_bin_tool/nvd_api.py	75.20% <0.00%> (-8.80%)	⬇️
cve_bin_tool/cli.py	69.29% <0.00%> (+0.39%)	⬆️

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[terriko]

I'm re-running CI because a lot of stuff failed but I can't see how it would be related so I'm expecting to merge this once it's done.

[terriko]

The cve check still isn't running in CI but the rest resolved. Going to go ahead and merge now. thank you for this -- it should make maintenance easier going forwards.