
chore: add Dependabot and dependency-submission workflow #782

Open

Shashankpgit wants to merge 1 commit into Sunbird-Knowlg:master from Shashankpgit:dependabot-setup

Conversation

@Shashankpgit

Summary

  • Enables Dependabot to automatically open weekly PRs for npm and GitHub Actions dependency updates, keeping the plugin collection's test tooling and CI actions current without manual tracking.
  • Adds a dependency-submission workflow that populates the GitHub Dependency Graph on each push to master (and on a weekly schedule), enabling security vulnerability alerts (Dependabot alerts) for the lockfile-less root package.

Changes

  • Add .github/dependabot.yml — configures weekly npm updates (grouped for karma*/jasmine*) and weekly GitHub Actions updates, both scheduled Monday 03:30 UTC
  • Add .github/workflows/dependency-submission.yml — generates a lock file (npm install --package-lock-only) and submits it to the Dependency Graph via advanced-security/npm-dependency-submission-action@v1; runs on schedule (Monday 03:00 UTC), push to master on package.json changes, and PRs

How to Test

  1. Merge to master and verify the Dependency Submission workflow runs successfully under Actions.
  2. Navigate to Insights → Dependency graph on GitHub and confirm npm dependencies from the root package.json are listed.
  3. On the following Monday, check that Dependabot PRs are opened (or check Security → Dependabot for scheduled scan status).

Checklist

  • Tests added or updated
  • Documentation updated (if public API or behavior changed)
  • No breaking changes — or breaking changes noted with ! in title and explained in Summary
  • Reviewed my own diff before requesting review

Adds .github/dependabot.yml covering the root npm package and github-actions
ecosystem. Adds dependency-submission workflow to populate GitHub Dependency
Graph every Monday at 03:00 UTC so Dependabot (scheduled at 03:30) sees a
fresh transitive dep snapshot.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
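For reference, the two files the description talks about could look like the following. This is an added illustration reconstructed from the description, not the contents of the PR itself (the diff is not shown on this page); the two files are shown as two YAML documents in one block, and the Node version, checkout/setup-node action versions and group name are assumptions.

```yaml
# .github/dependabot.yml (illustrative reconstruction, not the PR's file)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"              # the root package.json the PR description refers to
    schedule:
      interval: "weekly"
      day: "monday"
      time: "03:30"
      timezone: "Etc/UTC"       # 30 min after the 03:00 dependency submission run
    groups:
      karma-jasmine:            # assumed group name; one PR for the test tooling instead of many
        patterns: ["karma*", "jasmine*"]
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "03:30"
      timezone: "Etc/UTC"
---
# .github/workflows/dependency-submission.yml (illustrative reconstruction)
name: Dependency Submission
on:
  schedule:
    - cron: "0 3 * * 1"         # Monday 03:00 UTC; scheduled runs use the default branch
  push:
    branches: [master]
    paths: ["package.json"]
  pull_request:                 # PRs from forks get a read-only token, so the submit step fails there
permissions:
  contents: write               # the only scope the Dependency Submission API needs; keep the rest default
jobs:
  submit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20      # assumed; match the project's engines field
      - run: npm install --package-lock-only   # resolves the transitive tree without installing anything
      - uses: advanced-security/npm-dependency-submission-action@v1
```

Because the root package has no committed lockfile, the snapshot is only as current as the last successful run; the "How to Test" steps above (Actions run, then Insights → Dependency graph) are the check that it actually landed.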