CI-1108: Add cooldown to Dependabot to mitigate supply-chain attacks

Add a 7-day cooldown period before Dependabot updates dependencies.
This helps protect against supply-chain attacks by ensuring new package
versions have time to be vetted by the community before adoption.

Co-Authored-By: opencode <noreply@opencode.ai>

Author: timdittler

.github/dependabot.yml

@@ -7,6 +7,8 @@ updates:
       interval: "weekly"
       time: "08:00"
       timezone: "Europe/Berlin"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 5
 
   - package-ecosystem: "composer"
@@ -15,6 +17,8 @@ updates:
       interval: "weekly"
       time: "08:00"
       timezone: "Europe/Berlin"
+    cooldown:
+      default-days: 7
     open-pull-requests-limit: 5
     groups:
       composer-prod-updates: