Keep GitHub Actions up to date with GitHub's Dependabot

[cclauss]

Fixes software supply chain safety warnings by automating pull requests like 367cd96

• Keeping your actions up to date with Dependabot
• Configuration options for the dependabot.yml file - package-ecosystem

[AWhetter]

I've always been put off from using this because of how noisy it is. Can we reduce the amount of pull requests that it creates? Maybe by using the groups option?
Also please could we use a monthly update interval.

[cclauss]

The Groups option is already enabled in this PR, meaning that only one Dependabot PR can be open at a time—not chatty.

Dependabot would only be noisy if numerous GitHub Actions dependencies were pinned to minor or micro versions.

The current GitHub Actions dependencies are:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/upload-artifact@v4
- uses: actions/download-artifact@v4
- uses: pypa/gh-action-pypi-publish@release/v1
- uses: sigstore/gh-action-sigstore-python@v3.0.0

sigstore/gh-action-sigstore-python is the only dependency pinned to a micro version. The other most chatty would be setup-python which would have only been in four Dependabot PRs since GitHub Actions began.