This repository has been archived by the owner on Aug 4, 2023. It is now read-only.

Add dependabot config #740

Merged
merged 3 commits into from
Sep 29, 2022

AetherUnbound
Contributor

Fixes

Fixes WordPress/openverse#1650 by @zackkrida

Description

This PR adds a dependabot configuration to the repository.

Based on my understanding of the dependabot documentation, I believe dependabot will only try to update pinned dependencies. We only pin dependencies in cases where the dependency itself is not defined in the Airflow constraints file. As such I think it should be safe to have dependabot manage the pinned dependencies, since those ones aren't managed by Airflow! I'm not sure how best to test this, we may just need to merge it and find out 😄 Dependabot should be able to handle the 3 different requirements_*.txt files we have.

I also renamed one of our files from requirements.txt to requirements_tooling.txt to make its purpose clearer.

Testing Instructions

  1. Try just install locally and make sure it still works

Checklist

  • My pull request has a descriptive title (not a vague title like Update index.md).
  • My pull request targets the default branch of the repository (main) or a parent feature branch.
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added or updated tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no visible errors.

Developer Certificate of Origin

Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

@AetherUnbound AetherUnbound requested a review from a team as a code owner September 23, 2022 23:58
@openverse-bot openverse-bot added 💻 aspect: code Concerns the software code in the repository 🛠 goal: fix Bug fix 🟩 priority: low Low priority and doesn't need to be rushed labels Sep 23, 2022
Collaborator

@rwidom rwidom left a comment


I'm not 💯 confident what "pinned" means here, but I'm assuming that it means when there is a specific version listed in the requirements file. I did try just install with this branch and it worked fine. 👍 Just one tiny comment.

@@ -0,0 +1,6 @@
# For local dev tooling only, this is separate from requirements_dev.txt because these
# libraries are not needed within the built docker container in any environment.
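Review bot: The two-line header comment in this new file says where these libraries are not needed (the built docker container) but not what installs them; naming the command or recipe that consumes this file would let a reader confirm the packages stay out of every image. It also refers to requirements_dev.txt by name, so a later rename of that file would leave the comment stale. The remaining four lines of the hunk are not visible here, so whether the entries carry version specifiers cannot be checked from this view.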
Collaborator


This comment really made my day, and is extremely helpful.

.github/dependabot.yml Outdated
Co-authored-by: rwidom <[email protected]>
@AetherUnbound
Contributor Author

> I'm not 💯 confident what "pinned" means here, but I'm assuming that it means when there is a specific version listed in the requirements file.

That's exactly it! Unpinned dependencies are those just listed in the file without a version attached to them, meaning that whatever the latest version is (or whatever the constraints dictate) is what gets installed.
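The pinned/unpinned distinction described in this thread, as an added example that is not part of the PR or the project's code: a small audit that sorts the lines of a pip requirements file into exact pins, version ranges and unpinned names. The sample file contents and the `classify` helper are constructed for illustration and are not the project's requirements.

```python
import re

# Constructed sample; not the contents of the project's requirements files.
SAMPLE = """\
# tooling
-c constraints.txt
apache-airflow[amazon,postgres]
requests-oauthlib
tldextract==3.1.2   # exact pin
pytest-mock>=3.6
flake8 == 5.0.4 ; python_version >= "3.8"
-r requirements_dev.txt
"""

# name, optional [extras], then whatever version specifier follows
NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")


def classify(text):
    """Sort requirement lines into pinned, ranged, unpinned and skipped."""
    result = {"pinned": {}, "ranged": {}, "unpinned": [], "skipped": []}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        # pip options (-r, -c, --hash ...) and URL requirements carry no
        # plain version specifier, so they are reported but not classified
        if line.startswith("-") or "://" in line:
            result["skipped"].append(line)
            continue
        spec = line.split(";", 1)[0].strip()  # drop the environment marker
        match = NAME.match(spec)
        if not match:
            result["skipped"].append(line)
            continue
        name = match.group(1).lower()
        version = match.group(3).replace(" ", "")
        if not version:
            result["unpinned"].append(name)  # resolver/constraints decide
        elif re.fullmatch(r"===?[^,*]+", version):
            result["pinned"][name] = version.lstrip("=")  # one exact version
        else:
            result["ranged"][name] = version  # >=, ~=, ==1.*, compound specs
    return result


if __name__ == "__main__":
    for kind, entries in classify(SAMPLE).items():
        print(kind, entries)
```

The `skipped` bucket surfaces `-c` and `-r` lines, which is where a constraints file such as the Airflow one mentioned in the description would enter the resolution.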

Member

@zackkrida zackkrida left a comment


lgtm!

Contributor

@stacimc stacimc left a comment


Reasoning seems sound to me, this looks good!

@AetherUnbound AetherUnbound merged commit 516d767 into main Sep 29, 2022
@AetherUnbound AetherUnbound deleted the feature/dependabot#371 branch September 29, 2022 23:19

Successfully merging this pull request may close these issues.

Configure Dependabot using a YAML config file