build(deps): add Dependabot configuration

[vlakoff]

Adds automated dependency update tracking via Dependabot (quickstart guide).

What

Adds .github/dependabot.yml with monthly update checks for:

• Composer (phpunit, spatie packages, etc.)
• npm (pixelmatch)

Why

Dependency updates have been handled manually so far.

For instance, running npm install recently bumped pixelmatch from 7.1.0 to 7.2.0 locally, with no automated mechanism to catch and PR that update.

Notes

• Monthly interval chosen given the low dependency count and low churn.
• Dependabot will open one PR per outdated dependency when it triggers. If PR noise becomes an issue, Renovate with grouping would be a good alternative.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.72%. Comparing base (4da2233) to head (b58cefc).

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #239   +/-   ##
=========================================
  Coverage     71.72%   71.72%           
  Complexity      999      999           
=========================================
  Files            49       49           
  Lines          3158     3158           
=========================================
  Hits           2265     2265           
  Misses          893      893           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vlakoff]

We could even use quarterly for the schedule intervals (documentation).

Given the low dependency count and low churn, it would lower the maintenance burden further, while remaining active enough.

Feel free to go with whichever intervals feel right.