Adjust dependabot cadence

We want non-security dependabots to be released on a monthly basis as
opposed to a weekly basis.  This allows us to avoid drift from what has
been released while balancing the amount of overhead involved with
review and integration.

We are also adding a "cooldown" of 7 days, which means a dependency
won't be incorporated immediately, but only 7 days after its release
date.  This makes it more likely that any community issues with the
dependency are resolved (whether that be catching a security issue or
simply updating peer dependencies).

Author: slifty

.github/dependabot.yml

@@ -3,7 +3,11 @@ updates:
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
-      interval: 'daily'
+      interval: 'monthly'
+      time: '00:00'
+      timezone: 'Etc/UTC'
+    cooldown:
+      default-days: 7
     groups:
       storybook:
         patterns:
@@ -35,4 +39,8 @@ updates:
   - package-ecosystem: 'github-actions'
     directory: '.github/workflows'
     schedule:
-      interval: 'weekly'
+      interval: 'monthly'
+      time: '00:00'
+      timezone: 'Etc/UTC'
+    cooldown:
+      default-days: 7