Have dependabot update monthly (#87)

This has dependabot scan for Python dependencies, and make PRs for
them, monthly instead of weekly.

It shouldn't affect security alerts or most updates for known
security vulnerabilities.

.github/dependabot.yml

@@ -3,7 +3,7 @@ updates:
   - package-ecosystem: pip
     directory: '/'
     schedule:
-      interval: weekly
+      interval: monthly
     allow:
       - dependency-type: all
     open-pull-requests-limit: 20