Add dependabot to keep GitHub Actions up-to-date
pnacht opened this issue · 0 comments
Is your feature request related to a problem? Please describe.
J2CL's GitHub workflow uses hash-pinned Actions, which protects the project from supply-chain attacks. However, it currently has no way of updating those Actions.
Describe the solution you'd like
J2CL can set up dependabot to receive a single periodic PR updating all Actions with new versions. The PR will also update the "version comment" describing the respective version. For an example, see this example PR: pnacht/libarchive#9.
I'll send a PR adding Dependabot.
Describe alternatives you've considered
If you'd rather keep the Actions fixed at their current version, that works too. However, I recommend that you at least enable Dependabot Security Updates (if you haven't already). These are PRs that are immediately sent whenever a vulnerability is reported in a dependency. These can be enabled in the project settings, under "Code security & analysis".
Additional context
My name is Pedro and I'm working with Google and the OpenSSF to improve the supply-chain security of projects critical to the open-source ecosystem.
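The setup the issue proposes, written out as an added example (this is not the issue author's PR and not a file from the J2CL repository): a `.github/dependabot.yml` that checks the `github-actions` ecosystem weekly and groups every Action bump into one PR, followed by a fragment of the kind of hash-pinned workflow step Dependabot would rewrite. The workflow file name, the all-zero commit SHA and the `v0.0.0` version comment are placeholders, not real values.

```yaml
# .github/dependabot.yml  (added example, not from the J2CL repository)
version: 2
updates:
  - package-ecosystem: "github-actions"
    # "/" is the documented directory value for the github-actions
    # ecosystem; Dependabot looks under .github/workflows itself.
    directory: "/"
    schedule:
      interval: "weekly"
    # Collapse all Action updates into a single PR instead of one PR per
    # Action, so the periodic update is one review, not many.
    groups:
      github-actions:
        patterns:
          - "*"
---
# .github/workflows/ci.yml  (fragment; placeholder SHA and version comment)
# The Action stays pinned to a full 40-hex-character commit SHA. Dependabot
# bumps both the SHA and the trailing "# vX.Y.Z" comment in the grouped PR;
# it does not replace the pin with a mutable tag.
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v0.0.0
```

Before merging a grouped PR, check that each new SHA actually matches the tag named in the updated comment (for example with `git ls-remote <action repo> <tag>`); the comment is informational, and the SHA is what the runner fetches.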