ci: add dependabot.yml to exclude test fixture directories

Dependabot was auto-discovering all package.json and pyproject.toml
files including 12 in code_to_optimize/ (test fixtures). These PRs
always fail because E2E tests need secrets unavailable on Dependabot
PRs — 70% of Dependabot runs were failing on vite updates to fixtures.

Explicit config monitors only the real dependency files:
- / (root pyproject.toml)
- /packages/codeflash (npm package)
- GitHub Actions versions

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  # Python (root pyproject.toml)
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # JavaScript (codeflash npm package)
+  - package-ecosystem: "npm"
+    directory: "/packages/codeflash"
+    schedule:
+      interval: "weekly"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # code_to_optimize/ directories are test fixtures — do NOT update them.
+  # Dependabot PRs for these always fail (missing secrets) and waste CI.