[codex] Harden repository security configuration#9

Merged: robert-northmind merged 1 commit into main from codex/security-hardening on Jun 1, 2026
Conversation

@robert-northmind (Owner)
Summary

  • Add Dependabot updates for GitHub Actions
  • Expand local secret/editor config ignores
  • Mark internal resolver callbacks as @Sendable for stricter Swift concurrency checks
  • Document the hardening changes in the changelog

Verification

  • swift test
  • zizmor .github/workflows/ci.yml
  • .github/dependabot.yml parses as YAML

@robert-northmind robert-northmind marked this pull request as ready for review May 29, 2026 11:11
@robert-northmind robert-northmind requested a review from Copilot June 1, 2026 08:54
Copilot AI left a comment

Pull request overview

This PR hardens the repository’s security posture and improves Swift concurrency correctness by adding automated dependency update tooling, reducing the risk of committing sensitive/local config files, and tightening internal callback types for stricter concurrency checking.

Changes:

  • Added Dependabot configuration to keep GitHub Actions dependencies up to date.
  • Expanded .gitignore to cover common local editor/AI tool folders and secret-bearing config files.
  • Marked internal provider resolver build callbacks as @Sendable and documented these changes in the changelog.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File: Sources/SwiftiePod/InternalProviderResolver.swift
  Description: Marks internal resolver callback closures as @Sendable to satisfy stricter Swift concurrency checks.

File: CHANGELOG.md
  Description: Adds an [Unreleased] section documenting the security/concurrency hardening changes and adds the comparison link.

File: .gitignore
  Description: Ignores additional local configuration and secret-related files to reduce accidental commits.

File: .github/dependabot.yml
  Description: Introduces weekly Dependabot updates for GitHub Actions workflows.

@robert-northmind robert-northmind merged commit 2c261d4 into main Jun 1, 2026
3 checks passed
@robert-northmind robert-northmind deleted the codex/security-hardening branch June 1, 2026 19:02