chore: limit dependabot to security-only updates
Set open-pull-requests-limit to 0 for all ecosystems so routine version-update PRs are suppressed while security advisories still trigger PRs automatically
Set open-pull-requests-limit to 0 for all ecosystems so routine version-update PRs are suppressed while security advisories still trigger PRs automatically