ci: Add Dependabot version-update cooldown

[ld-repository-standards]

This pull request was auto generated by the LaunchDarkly Github Standards automation platform.

• Ensure every entry under updates in .github/dependabot.yml declares a cooldown of at least 7 days (default-days).
• Add entries for detected package ecosystems that were not yet tracked by Dependabot.

Cooldown applies only to version updates; security updates bypass it, so critical CVE fixes are never delayed.

Ref: SEC-8058.

---

Note

Low Risk
CI/automation-only change with no runtime code; only affects how and when Dependabot opens dependency PRs.

Overview
Introduces .github/dependabot.yml to turn on automated dependency updates across the repo.

Each updates entry uses a weekly schedule and a cooldown.default-days: 7 so routine version bumps are spaced out. Coverage includes Docker (examples/proxy-validation-test), GitHub Actions (repo root), and npm for the listed libs/* packages.

Per the PR intent, cooldown affects version updates only; security updates are not delayed.

^{Reviewed by Cursor Bugbot for commit 2cc7edd. Bugbot is set up for automated code reviews on this repo. Configure here.}

[kinyoklion]

NPM isn't actually used in this repository. The package files are just used to model dependencies. That said including them probably doesn't hurt anything. It also just doesn't do anything.