
ci: suppress dependabot updates for test fixture manifests#422

Merged
ruromero merged 1 commit intoguacsec:mainfrom
ruromero:fix/dependabot-suppress-test-fixture-security-updates
Apr 16, 2026

Conversation

@ruromero
Collaborator

Summary

  • Problem: exclude-paths in dependabot.yml only applies to version updates, not security updates. This caused 8+ noisy PRs from dependabot trying to bump intentionally-pinned vulnerable deps in test fixture manifests under src/test/resources/tst_manifests/ and src/test/resources/msc/.

  • Solution: Add dedicated dependabot entries per ecosystem that target the test fixture directories with ignore: [{dependency-name: "*"}] to suppress both version and security update PRs (ref). The ignore option supports security updates unlike exclude-paths.

Changes

| Ecosystem | Change |
|---|---|
| maven (production) | Unchanged |
| maven (test fixtures) | New entry with `directories` targeting `tst_manifests/maven/**` + `it/maven/**` + `ignore: *` |
| npm (test fixtures) | Replaced `directory: "/"` + `exclude-paths` with `directories` targeting all JS test fixture dirs + `ignore: *` |
| pip | Replaced with targeted `directories` pointing to `pip/**` + `it/pypi/**` + `ignore: *` |
| gomod | Replaced with targeted `directories` pointing to `golang/**`, `it/golang/**`, `msc/golang/**` + `ignore: *` |
| gradle | Replaced with targeted `directories` pointing to `gradle-groovy/**`, `gradle-kotlin/**` + `it/` equivalents + `ignore: *` |
| cargo | Replaced with targeted `directories` pointing to `cargo/**` + `ignore: *` |

Mirrors guacsec/trustify-da-javascript-client#477.

Test plan

  • Verify dependabot stops creating PRs for test fixture manifests (check after next scan cycle)
  • Verify production maven security/version updates still work
  • Close existing 8 test fixture dependabot PRs after confirming

🤖 Generated with Claude Code

exclude-paths only applies to version updates, not security updates,
causing noisy PRs for intentionally-pinned vulnerable deps in test
fixtures. Replace with targeted directories + ignore: {dependency-name: "*"}
to suppress both version and security update PRs.

Mirrors guacsec/trustify-da-javascript-client#477.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
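The pattern the PR describes, written out as an added illustration (this is not the project's actual `.github/dependabot.yml`; the fixture paths under `src/test/resources/` come from the PR text, while the exact directory layout, the `weekly` schedule and the npm fixture path are assumptions):

```yaml
# Illustrative dependabot.yml (constructed example, not the repo's own file).
version: 2
updates:
  # Production manifest: normal version + security updates, no ignore rule.
  # `directory: "/"` only covers the root pom.xml, so it never touches the
  # fixture manifests nested under src/test/resources/.
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "weekly"

  # The old approach (shown for contrast, commented out):
  # `exclude-paths` is honoured for scheduled version updates only, so
  # Dependabot's security-update job still opened PRs against the
  # intentionally pinned vulnerable versions in the fixture manifests.
  #
  # - package-ecosystem: "npm"
  #   directory: "/"
  #   schedule:
  #     interval: "weekly"
  #   exclude-paths:
  #     - "src/test/resources/**"

  # The fix: a dedicated entry per ecosystem that targets only the fixture
  # trees and ignores every dependency. `ignore` is applied to security
  # updates as well as version updates, so no PR is raised for these paths.
  - package-ecosystem: "maven"
    directories:
      - "/src/test/resources/tst_manifests/maven/**"      # assumed layout
      - "/src/test/resources/tst_manifests/it/maven/**"   # assumed layout
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"

  - package-ecosystem: "npm"
    directories:
      - "/src/test/resources/tst_manifests/npm/**"        # assumed layout
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
```

Two points worth keeping in mind when copying this shape: the `ignore: "*"` entries must stay scoped to fixture globs and never to `/`, or production security updates are silenced too; and ignoring only stops the pull requests, the underlying Dependabot alerts for the pinned fixture versions still appear in the repository's Security tab, which is the expected state for deliberately vulnerable test data.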
@ruromero ruromero requested a review from Strum355 April 16, 2026 10:05
@ruromero ruromero merged commit 3c526e7 into guacsec:main Apr 16, 2026
38 checks passed
@ruromero ruromero deleted the fix/dependabot-suppress-test-fixture-security-updates branch April 16, 2026 10:12