This change adds dependabot configuration with updates disabled to
allow for restriction of manifest file selection used by the
dependency graph.

Ref: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates