Disable all Dependabot updates apart from security ones
Updating Rails and govuk_publishing_components can be particularly onerous. A recent release of govuk_publishing_components v40+ (updating apps to govuk-frontend v5) required updating a number of files, which has proven complex enough for Content Publisher that it was split out of the general card and given its own card. At the time of writing, there are four open Dependabot PRs for Content Publisher for Ruby, all with failing tests.

We believe the risk of changing the Dependabot policy for these repos is low. If there were a security risk with a dependency, and if applying it was made more difficult due to us having fallen too far behind, we could either persevere with the patching, or use it as impetus to prioritise retiring the app, or temporarily take the app offline. In any case, usage is so negligible that publisher activity is unlikely to be affected.

Disabling non-security updates as per: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates

> If you only require security updates and want to exclude version updates, you can set open-pull-requests-limit to 0 in order to prevent version updates for a given package-ecosystem.

Trello: https://trello.com/c/kpf7rWEq/2979-change-dependabot-configs-for-content-publisher-and-maslow
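The setting the quoted GitHub guidance refers to, shown in an illustrative `.github/dependabot.yml` (this is an added example, not the file from the Content Publisher repository; the `bundler` ecosystem, root directory and weekly schedule are assumptions):

```yaml
# .github/dependabot.yml (illustrative; not the repository's own file)
version: 2
updates:
  - package-ecosystem: "bundler"   # Ruby gems (assumed ecosystem for this app)
    directory: "/"                 # location of the Gemfile (assumed)
    schedule:
      interval: "weekly"
    # Default is 5, which allows version-update PRs such as the Rails and
    # govuk_publishing_components bumps described above.
    # 0 suppresses version-update PRs for this ecosystem only.
    # Dependabot security updates are unaffected by this limit and are still
    # raised, provided Dependabot alerts and security updates are enabled in
    # the repository's settings.
    open-pull-requests-limit: 0
```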