Enable Dependabot auto PR

[erikziyunchi]

Try to resolve the issue #25.

[gaukas]

This PR looks good to be and I am approving to unblock the merging. But kindly check out my concerns below:

• I think this PR tries to enable "Dependabot version updates", which does more than "Dependabot security updates" (configurable in repository settings). Which is Okay.
• Not sure if enabling it would really benefit the maintenance of this project. Do you expect expected or reduced workload in maintaining dependency updates with it?
• I'm asking ONLY because I see we are using a few unstable (v0.x) packages and uncertain about how many of them may break the backward compatibility when being updated.

[erikziyunchi]

Thanks for the approval and notes! Yeah, I think your concerns are absolutely valid, I'm having the similar concerns as well. But it seems like this will be the best way to keep track with all the packages we are using(and should fix most of the security concerns), some updates might break the compatibility and some of the auto PR might need some manual changes to the code, especially with wasmtime related updates, so I currently set them as ignored and update manually later.