Add cooldown settings for Dependabot

[mbg]

See https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#cooldown- for what this does.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

• Testing/None - This change does not impact any CodeQL workflows in production.

How did/will you validate this change?

• None - I am not validating these changes.

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Other - Please provide details.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

Adds Dependabot cooldown configuration to reduce update PR churn by enforcing a default 7‑day cooldown, with exclusions for core Actions/tooling dependencies.

Changes:

• Added cooldown.default-days: 7 to the npm Dependabot update configuration.
• Added cooldown.default-days: 7 to the GitHub Actions Dependabot update configuration.
• Configured cooldown exclusions for @actions/* (npm) and actions/* (GitHub Actions).

[henrymercer]

Thanks!

[mbg]

@henrymercer had to resolve a merge conflict, so this needs re-approval

[github-actions]

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.