fix(dependabot): fix broken config and add cooldown

- Remove private registry config for npm.pkg.github.com as internal
  packages are now accessible without a token (CI-1040)
- Add github-actions ecosystem to allow updating internal actions
- Add 7-day cooldown to npm and github-actions to mitigate supply
  chain attacks (CI-1108)

Co-Authored-By: opencode noreply@opencode.ai

Author: timdittler

.github/dependabot.yml

@@ -1,16 +1,19 @@
 version: 2
-registries:
-  npm-github:
-    type: npm-registry
-    url: https://npm.pkg.github.com
-    token: ${{secrets.STAFFBOT_NPM_READ}}
-
 updates:
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
     labels:
       - "dependencies"
-    registries:
-      - npm-github
+    cooldown:
+      default-days: 7
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+    cooldown:
+      default-days: 7