Configure dependabot to provide updates for a certain set of libraries

[php-coder]

Instead of updating every dependency, let's allow to submit PRs only for a set of libraries that are safe to update in most of the cases.

Candidates:

• [x] thumbnailator
• [x] jsoup (#1567)
• [x] lombok (#1562)
• [x] Liquibase (#1565)
• [x] H2 (#1555)
• [ ] HikariCP (#1509)
• [x] commons-text (#1182)
• [x] commons-lang3 (#1183)
• [ ] mysql-connector-java (#1184, #1473)
• [ ] postgresql (#1173)
• [x] ~~html5validator~~ (obsolete: #1669)
• [ ] ansible (#1531)
• [x] ansible-lint (#1516, #1515, #1570) (obsolete: #1669)
• [x] github actions
  • [x] actions/checkout (see https://github.com/actions/checkout/releases/tag/v4.1.1)
  • [x] actions/setup-java (see https://github.com/actions/setup-java/releases/tag/v4.0.0)
• [ ] spring framework, spring security, spring boot (minor patch)
• [ ] togglz (#1460, #1644)
• [x] hibernate-validator (#1200, #1528, #1569)

Also we can consider to include some maven plugins.

TODO:

• [x] read https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide
• [x] read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
• [x] read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
• [ ] read https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
• [x] ~~Enable dependabot (Settings tab, Security > Code security and analysis section, Dependabot > Dependabot version updates: enable)~~ (resolution: isn't needed as we've created a file)
• [x] create .github/dependabot.yml
• [ ] create ADR (and mention https://github.com/dependabot/feedback/issues/216)

[php-coder]

• github actions (#1154)

[php-coder]

Plus: html5validator

Later:

• ansible (#1531)
• ansible-lint (#1516, #1515, #1570)