Enable a dependency update tool
joycebrum opened this issue · 2 comments
Hi! I'd like to suggest that go-cmp enable a dependency update tool in order to keep CI dependencies up to date. It can also be enabled to update dependencies in other ecosystems.
Having dependencies hash-pinned and updated through a dependency update tool is a good way to get vulnerability and bug fixes as soon as possible without blindly upgrading.
I'll be submitting a PR with a configuration for Dependabot, but let me know if you would rather use Renovate or another tool. Let me know what you think about it.
Besides, I strongly recommend that you enable the Dependabot security updates option under Code security and analysis to receive out-of-schedule upgrades in case a new security patch is released (to avoid being exposed for long).
Disclosure: I'm from GOSST (Google Open Source Security Team) and I'm working on improving the supply chain security of many open source projects.
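For reference, this is what the kind of Dependabot configuration proposed above looks like. It is an added example, not the PR mentioned in the issue and not anything from the go-cmp repository; it assumes CI runs on GitHub Actions with workflows under `.github/workflows`, and that a `go.mod` sits at the repository root (the `gomod` entry only does anything if that file declares dependencies).

```yaml
# .github/dependabot.yml  (added example; assumes GitHub Actions CI)
version: 2
updates:
  # Keep the actions referenced by CI workflows current. When an action
  # is pinned by commit SHA ("uses: owner/action@<sha> # vX.Y.Z"),
  # Dependabot bumps the SHA and keeps the version comment in sync, so
  # hash pinning and automated updates work together.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    # Assumption: one PR for all action bumps is preferred; remove this
    # block to get one PR per action instead.
    groups:
      actions:
        patterns:
          - "*"

  # Go module dependencies from go.mod at the repository root. Harmless
  # for a module with no dependencies; useful if any are added later.
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
```

The scheduled updates above are separate from Dependabot security updates, which are toggled in the repository's Code security and analysis settings and open PRs as soon as an advisory matches a dependency, regardless of the schedule.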
go-cmp has no dependencies. Thanks, but no thanks.