CI-1108: Add cooldown to Dependabot to mitigate supply-chain attacks (#147)

Add a 7-day cooldown period before Dependabot updates dependencies.
This helps protect against supply-chain attacks by ensuring new package
versions have time to be vetted by the community before adoption.

Co-authored-by: opencode <noreply@opencode.ai>

Author: timdittler

.github/dependabot.yml

@@ -9,3 +9,5 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+    cooldown:
+      default-days: 7