More dependabot (#6977)

Apply dependabot to `settings.gradle.kts` and `build.gradle.kts` in a
rather roundabout way (see README.md).

Currently built on top of #6975

.github/dependabot.yml

@@ -39,6 +39,15 @@ updates:
       interval: "daily"
     open-pull-requests-limit: 10
 
+  - package-ecosystem: "gradle"
+    # need to scope gradle dependency updates down in this repo because most of the instrumentations
+    # intentionally test against old library versions
+    directory: ".github/project-root-duplicates"
+    rebase-strategy: "disabled"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
   - package-ecosystem: "gradle"
     directory: "/"
     allow:

.github/project-root-duplicates/README.md

@@ -0,0 +1,6 @@
+This directory and the two symlinks in it are used by the
+[dependabot configuration](../.github/dependabot.yml), because we can't include the root directory
+in the dependabot scanning since then it will pick up all of the old library versions that we
+intentionally compile and test against.
+
+See https://github.com/dependabot/dependabot-core/issues/4364.

.github/project-root-duplicates/build.gradle.kts

@@ -0,0 +1 @@
+../../build.gradle.kts

.github/project-root-duplicates/settings.gradle.kts

@@ -0,0 +1 @@
+../../settings.gradle.kts