add depedabot for dependency tracking/updating

Created by: zain-sohail

With the discussion in PR #151 , we want automatic dependency updates every so often. Depedanbot is a tool by github to perform just this function. It creates a PR weekly (or any time duration) with all the outdated dependencies to update them, and those can be manually merged (or auto if wished). Initally I had other ideas on how to do this but dependabot is very well integrated in github environement (see insights or security)

example is PR #179 in which dependabot suggested us a security update for numpy. For general updates, it will only do so once we merge this branch to main and then it will group all the updates in one PR (hard to test without trying).