Keep GitHub Actions up to date with Dependabot

[cclauss]

Fix warnings like at the bottom right of
https://github.com/getsentry/sentry/actions/runs/8361594088

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

[asottile-sentry]

we're currently only using dependabot for security updates and I don't think we really want to change that right now

[cclauss]

Using unsupported versions of Node.js in multiple GitHub Actions is not a security concern?

[asottile-sentry]

github issues the warning and then runs it with a supported version of node

[cclauss]

Is that auto-upgrade documented somewhere?

[asottile-sentry]

for instance:

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2, actions/setup-node@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

[cclauss]

Fascinating. Thanks. It means that Action code is running on a version of Node.js that it was probably not tested to run on.

[getsantry]

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you add the label WIP, I will leave it alone unless WIP is removed ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀