Configure dependabot to provide updates for a certain set of libraries

[php-coder]

Instead of updating every dependency, let's allow to submit PRs only for a set of libraries that are safe to update in most of the cases.

Candidates:

• thumbnailator
• jsoup (Update jsoup to 1.16.1 #1567)
• lombok (Update Lombok to 1.18.24 #1562)
• Liquibase (Update Liquibase to 4.25.1 #1565)
• H2 (Update H2 to 2.x #1555)
• HikariCP (Update HikariCP to 5.0.1 #1509)
• commons-text (Update commons-text to 1.11.0 #1182)
• commons-lang3 (Update commons-lang3 to 3.13.0 #1183)
• mysql-connector-java (Update mysql-connector-java to 5.1.49 #1184, Update mysql-connector-java to 8.0.16+ to fix 3 CVEs #1473)
• postgresql (Update postgresql to 42.5.0 #1173)
• html5validator (obsolete: Decommission of static analyzers #1669)
• ansible (Update Ansible to 3.4.0 #1531)
• ansible-lint (Update ansible-lint to 4.3.7 #1516, Update ansible-lint to 5.x #1515, Update ansible-lint to 6.x #1570) (obsolete: Decommission of static analyzers #1669)
• github actions
  • actions/checkout (see https://github.com/actions/checkout/releases/tag/v4.1.1)
  • actions/setup-java (see https://github.com/actions/setup-java/releases/tag/v4.0.0)
• spring framework, spring security, spring boot (minor patch)
• togglz (Update Togglz to 3.3.3 #1460, Update Togglz to 4.x #1644)
• hibernate-validator (Update hibernate-validator to 6.1.7.Final #1200, Update hibernate-validator to 7.0.x #1528, Update hibernate-validator to 8.0.x #1569)

Also we can consider to include some maven plugins.

TODO:

• read https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide
• read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
• read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
• read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
• Enable dependabot (Settings tab, Security > Code security and analysis section, Dependabot > Dependabot version updates: enable) (resolution: isn't needed as we've created a file)
• create .github/dependabot.yml
• create ADR (and mention https://github.com/dependabot/feedback/issues/216)

[php-coder]

• github actions (Migrate from Travis CI to GitHub Actions #1154)

[php-coder]

Plus: html5validator

Later:

• ansible (Update Ansible to 3.4.0 #1531)
• ansible-lint (Update ansible-lint to 4.3.7 #1516, Update ansible-lint to 5.x #1515, Update ansible-lint to 6.x #1570)