Create workflow to autofix dependabot PR

[Cellule]

This change is 

[Copilot]

Pull Request Overview

This PR introduces a new environment variable to bypass Yarn’s --immutable lockfile enforcement, updates the plugin code and documentation accordingly, and adds a GitHub Actions workflow to auto-fix Dependabot PRs.

• Add WORKSPACE_LOCKFILE_FORCE_WRITE check in both source and bundled code to control lockfile writes under --immutable
• Update README to document the new environment variable
• Add .github/workflows/dependabot-auto-fix.yml to automatically install, fix lockfiles, commit, and auto-merge Dependabot PRs

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
src/index.ts	Introduce isImmutable flag based on WORKSPACE_LOCKFILE_FORCE_WRITE
bundles/@yarnpkg/plugin-workspace-lockfile.js	Mirror the new env var logic in the bundled plugin
README.md	Document WORKSPACE_LOCKFILE_FORCE_WRITE usage
.github/workflows/dependabot-auto-fix.yml	New workflow to auto-fix and auto-merge Dependabot pull requests

Comments suppressed due to low confidence (2)

README.md:124

• It may be helpful to explicitly state the default behavior (when the variable is absent or set to anything other than true) so users know the env var must be exactly true.

### `WORKSPACE_LOCKFILE_FORCE_WRITE`

.github/workflows/dependabot-auto-fix.yml:16

• Add with: fetch-depth: 0 under the checkout step to ensure full history is available for the auto-merge and squash operation.

      - uses: actions/checkout@v4

[ThomasTrepanier]

Reviewed 4 of 4 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @AdrienPoupa, @alexisloiselle, @Cellule, @Cloudsky01, @jpineault, @ptessier, and @Urik)