fix: Use ubuntu-latest for dependabot workflow security (#741)

Use GitHub-hosted runners (ubuntu-latest) instead of self-hosted runners
for improved security with pull_request_target workflows. GitHub-hosted
runners provide better isolation and are ephemeral, reducing security risks.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: pannago

.github/workflows/dependabot-automerge.yml

@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   dependabot:
-    runs-on: [ci-universal-scale-set]
+    runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
 
     steps: