
chore: disable dependabot for dependencies upgrades #992

Merged (1 commit), Jun 23, 2022

Conversation

dreamorosi (Contributor)

Description of your changes

As discussed in today's maintainers' meeting, this PR proposes a change that aims at disabling Dependabot for this repository.

Note
This change does not involve security upgrades. These notifications are still going to be enabled after this PR. The change refers only to dependency upgrades.

The rationale behind this change is purely rooted in safeguarding maintainers' focus by avoiding unnecessary noise coming from dependencies that change very often. The impact of this change should not be too big, as one of the project's tenets is to limit dependencies, so most of the dependency updates that we receive are instead related to development dependencies.

The maintainers will be updating dependencies every 3 months.

At the moment Dependabot's config allows a maximum schedule interval of one month (source), so we will be disabling Dependabot altogether and performing the updates manually every quarter.

Surprisingly, there's very little information available on how to disable Dependabot. The only somewhat related info I could find is on this page, where it's mentioned that:

You enable Dependabot version updates by checking a dependabot.yml configuration file into your repository.

Assuming that the contrary is true, removing the file should also disable Dependabot.

How to verify this change

See if Dependabot does not open any new PR in the coming weeks.

Related issues, RFCs

N/A

PR status

Is this ready for review?: YES
Is it a breaking change?: NO

Checklist

Breaking change checklist

N/A


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@dreamorosi dreamorosi added dependencies Changes that touch dependencies, e.g. Dependabot, etc. internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.) labels Jun 21, 2022
@dreamorosi dreamorosi requested review from flochaz and saragerion June 21, 2022 17:18
@dreamorosi dreamorosi self-assigned this Jun 21, 2022
github-actions bot (Contributor) commented Jun 21, 2022

📊 Package size report: No changes

| File | Before | After |
| --- | --- | --- |
| Total (includes all files) | 137.3 kB | 137.3 kB |
| Tarball size | 136.1 kB | 136.1 kB (0.01% ↑) |

Unchanged files

| File | Size |
| --- | --- |
| aws-lambda-powertools-commons-0.10.0.tgz | 6.5 kB |
| aws-lambda-powertools-logger-0.10.0.tgz | 22.3 kB |
| aws-lambda-powertools-metrics-0.10.0.tgz | 17.5 kB |
| aws-lambda-powertools-tracer-0.10.0.tgz | 21.4 kB |
| commons-bundle.zip | 7.0 kB |
| logger-bundle.zip | 22.8 kB |
| metrics-bundle.zip | 18.0 kB |
| tracer-bundle.zip | 21.9 kB |

🤖 This report was automatically generated by pkg-size-action
(options hash: 899bf2cb67e3bf54ae2b8c3bd71ae72e)

@saragerion saragerion merged commit ddfad2b into main Jun 23, 2022
@saragerion saragerion deleted the chore/disable_dependabot branch June 23, 2022 12:52
dreamorosi (Contributor, Author)

Leaving this for recording purposes:

The issue that prevented Dependabot from updating certain dependencies in our monorepo (the ones that were devDependencies of a package only) was finally due to a misconfiguration on our side.

This configuration works and correctly bumps the dependencies; the key is the versioning-strategy parameter:

```yaml
# Top-level keys required by Dependabot, added so the fragment below is a complete dependabot.yml
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "friday"
      time: "05:00"
      timezone: "Europe/Amsterdam"
    # "increase" bumps the version requirement in package.json to the new version,
    # which is what lets Dependabot update devDependencies declared by a single package
    versioning-strategy: increase
    open-pull-requests-limit: 20
```

See this issue for more details: dependabot/dependabot-core#5226

dreamorosi added a commit that referenced this pull request Aug 2, 2022