Configure Dependabot to keep track of lib updates and sec issues

Here is a [nice article](https://mglaman.dev/blog/my-dependabot-configuration-drupal-and-other-php-projects), worth reading it to get an idea on how to do that