Change Github security scans to develop branch

[mcwhitaker]

Descriptive summary

Security scans against master requires us to recreate the PRs in develop. Moving the security scans to develop will reduce the amount of work that we have to do to deal with the PRs.

Done looks like

Security scans happen in develop.

[Dananji]

For Dependabot we have setup the develop branch to be the target-branch in the .dependabot/config.yml file but it still targets the master branch.
I tried @dependabot rebase and @dependabot recreate commands after changing the target branch in a dependabot PR. And it always goes to master.

I found this reported issue on their GitHub. According to this, even when we have setup dependabot configuration for the repo, the security updates act based on GitHub's security updates work. And this is based on the Dependency graph (based on the default branch's manifests), therefore the PRs are made to master branch which is the default branch in our case.

[Dananji]

Right now Snyk also works with the default branch of the repo, so the PRs are always made to master.

[Dananji]

For both of these, the solution I see for now is changing our default branch to develop from master.

[mcwhitaker]

We have decided to keep things as they are. Dananji will work on the PRs in avalon-bundle first to make it slightly easier to work on the PRs in the avalon repo after having done it once.