Conversation

@jbampton jbampton commented Jan 7, 2026

Enforces security best practices by requiring a minimum age for new dependency releases before they are automatically updated by Dependabot.

This practice, known as a "cooldown period," helps mitigate supply chain attacks by allowing time for frequently published malicious packages to be identified.

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-

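The change the PR describes, shown as an added example rather than the project's own file: a `.github/dependabot.yml` for the Maven ecosystem before and after adding a cooldown. The two YAML documents are separated by `---` so the weak and corrected settings sit side by side. The `directory`, `schedule.interval` and the `include` pattern are assumptions for illustration; only the `cooldown` block with `default-days: 7` is what the PR and the Copilot summary describe. The `cooldown` keys used here (`default-days`, `include`, `exclude`) are the ones documented at the linked Dependabot options reference.

```yaml
# Before (assumed starting point): Dependabot opens a PR as soon as a new
# Maven release appears, so a freshly published malicious version can be
# proposed within the hour.
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"          # assumption: root pom.xml
    schedule:
      interval: "weekly"    # assumption
---
# After: the same entry with a 7-day cooldown. A release younger than
# default-days is ignored, giving time for a poisoned release to be reported
# and yanked before it is ever proposed as an update.
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"          # assumption: root pom.xml
    schedule:
      interval: "weekly"    # assumption
    cooldown:
      default-days: 7       # the 7-day period this PR adds
      # Optional narrowing, shown as an assumed example: apply the cooldown
      # only to these dependencies (glob patterns). Omit `include` to apply
      # the cooldown to every dependency in this ecosystem.
      include:
        - "org.apache.*"
      # Optional: dependencies that should update immediately despite the
      # cooldown (assumed example; none are needed for the behaviour above).
      exclude: []
```

Note that the cooldown delays version-update PRs; it does not by itself replace vulnerability scanning, and a security advisory still warrants updating before the 7 days elapse. Verify the file with Dependabot's config validation in the repository's Insights → Dependency graph → Dependabot tab after merging.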

codecov bot commented Jan 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.76%. Comparing base (eedd329) to head (80f4629).
⚠️ Report is 1 commit behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##               main   #12384   +/-   ##
=========================================
  Coverage     17.75%   17.76%           
- Complexity    15855    15861    +6     
=========================================
  Files          5923     5923           
  Lines        530536   530536           
  Branches      64826    64826           
=========================================
+ Hits          94218    94251   +33     
+ Misses       425774   425740   -34     
- Partials      10544    10545    +1     
Flag Coverage Δ
uitests 3.57% <ø> (ø)
unittests 18.85% <ø> (+<0.01%) ⬆️


@DaanHoogland DaanHoogland requested a review from Copilot January 7, 2026 16:13

Copilot AI left a comment


Pull request overview

This PR attempts to add a security best practice by introducing a 7-day cooldown period for Dependabot dependency updates, which would delay automatic updates to newly released packages to allow time for identifying potentially malicious releases.

Key Change:

  • Adds a cooldown configuration with a 7-day default period to the Dependabot Maven package ecosystem configuration


@DaanHoogland DaanHoogland merged commit e47d7bc into apache:main Jan 7, 2026
33 checks passed
@jbampton jbampton deleted the dependabot-cooldown branch January 7, 2026 16:23