Adopt grouping for security updates

[grayside]

golang-samples seems to use both renovate and dependabot for security updates. Further, while renovate groups security updates, dependabot sends one PR per sample.

This combination creates a lot of noise and a lot of work that would benefit from deduplication and batching.

Proposed Options

1. Turn off dependabot and rely on Renovate for security updates
2. Turn off security updates in Renovate and rely on Dependabot. And adopt the new dependabot grouping option

[grayside]

I've looked some more into Renovate's support for Vulnerability fixes.

https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts is a configuration block that allows us to do things like have a custom schedule for frequency on checking for updates. Currently this is default for the repository, which in theory means that Renovate is running something like "continuously". We could give it an explicit schedule.

Here's an example of a Renovate PR: #4106
I especially like the details inlined to the PR.

We can also use turn off vulnerability alerts, and leave this to dependabot. I find dependabot PRs to be less informative, but that would have the benefit of being able to have extra clarity on which types of updates each tool performs.

[subfuzion]

@grayside Agree that the details in the Renovate PR look good. OTOH, good to know that Dependabot now offers a grouping option. I thought I heard a mention yesterday about an issue or concern with Renovate, but can't recall now; is Dependabot preferred at the moment? Are you steering toward something common for all repos? cc/@muncus