Add dependabot

[ssteinbach]

Adds a dependabot.yml to opentimelineio.

Dependabot is a GitHub service that opens Pull requests to update the version of dependencies in the library. For more information:
https://docs.github.com/en/code-security/supply-chain-security/enabling-and-disabling-version-updates#enabling-github-dependabot-version-updates

[codecov-io]

Codecov Report

Merging #931 (ba5eac2) into master (846bfb1) will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #931      +/-   ##
==========================================
+ Coverage   85.75%   85.76%   +0.01%     
==========================================
  Files         191      191              
  Lines       18098    18109      +11     
  Branches     2046     2048       +2     
==========================================
+ Hits        15520    15532      +12     
  Misses       2055     2055              
+ Partials      523      522       -1     

Flag	Coverage Δ
unittests	85.76% <ø> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...-opentimelineio/opentimelineio/plugins/manifest.py	88.33% <0.00%> (+1.04%)	⬆️
tests/test_plugin_detection.py	86.66% <0.00%> (+2.35%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 846bfb1...ba5eac2. Read the comment docs.

[jhodges10]

Good call making it Monday's only @ssteinbach, all too often dependabot gets incredibly annoying because of incessant notifications.

[reinecke]

Just one copy/paste issue in a comment. This is a good add though, especially for our submodules.