Set up some kind of automation to update NPM and NuGet dependencies in all OSOCE projects. If we really want to get fancy, then perhaps Docker dependencies (if we have any directly used ones, e.g. ZAP is not an easy case) as well as dotnet tools (see e.g. this) too.
This needs to cover the projects directly in this repo, both in the OSOCE and NuGetTest solutions, as well as all referenced submodules. Once we have a working approach, we'll use it in all non-OSOCE and closed-source apps too.
Dependabot can do this. However, we have dozens of repos where we don't want to duplicate configuration, and it seems Dependabot's configs can't be DRY (though there are workarounds).
We don't want to get too many such PRs, since ultimately, all of them need to be reviewed by a human, perhaps also tested, and in the case of submodules, integrated into OSOCE. So, e.g. make it check dependencies e.g. once a month/week?
It should be possible to keep submodules on the latest minor version of OC (e.g. 2.1.0) instead of forcing them to the latest patch version (e.g. 2.1.3). Perhaps OC packages should be ignored altogether since updating those always also involves updates and releases of our projects too.
The approach we take should work for private repos too (even if with a different configuration).
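One possible Dependabot configuration for the constraints above, as an added example that is not part of the original issue or the project's own configuration. The directories, the pull request limit, the group names and the `OrchardCore*` name pattern for the OC packages are assumptions.

```yaml
# .github/dependabot.yml (added example; one such file is needed per repository)
version: 2
updates:
  - package-ecosystem: "nuget"
    directory: "/"                 # assumption: solution/project files are under the repo root
    schedule:
      interval: "monthly"          # keeps the number of PRs a human has to review low
    open-pull-requests-limit: 5    # assumption: hard cap on simultaneously open update PRs
    groups:
      nuget-dependencies:          # hypothetical group name: one PR for all NuGet updates
        patterns:
          - "*"
    ignore:
      # Assumption: the OC packages share the "OrchardCore" name prefix.
      # Skipping patch updates keeps a module on e.g. 2.1.0 instead of forcing 2.1.3.
      - dependency-name: "OrchardCore*"
        update-types: ["version-update:semver-patch"]
      # To ignore OC packages altogether, drop the update-types line above.

  - package-ecosystem: "npm"
    directory: "/"                 # assumption: package.json is in the repo root
    schedule:
      interval: "monthly"
    open-pull-requests-limit: 5
    groups:
      npm-dependencies:            # hypothetical group name: one PR for all NPM updates
        patterns:
          - "*"

  - package-ecosystem: "docker"    # only useful if the repo directly uses Dockerfiles
    directory: "/"                 # assumption: Dockerfile is in the repo root
    schedule:
      interval: "monthly"
```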