Add cooldown and grouping to Dependabot config (#14931)

- Add 7-day cooldown to protect against supply chain attacks
- Group updates by ecosystem to reduce PR noise
- Change schedule from daily to weekly
- Add Docker ecosystem for base image updates

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: dguido

.github/dependabot.yml

@@ -5,12 +5,32 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      github-actions:
+        patterns:
+          - "*"
 
   # Maintain dependencies for Python using uv
   # Using "uv" ecosystem ensures both pyproject.toml AND uv.lock are updated together
   # This prevents Docker build failures from lockfile mismatches
   - package-ecosystem: "uv"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      python:
+        patterns:
+          - "*"
+
+  # Maintain Docker base image (python:3.12-alpine)
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7