Add a comment about Dependabot configuration for Docker

Added for consistency with other apps, however this config is redundant at the
moment. There’re no referenced to Node version in the app code and CI uses
latest LTS (Long-Term Support) version:
https://github.com/alphagov/govuk-infrastructure/blob/060035dcac31d40036e0ec68773ea7dc95cb7bb4/.github/actions/setup-node/action.yml#L9

Moved this config to the bottom of the file similar to other apps.

Author: AgaDufrat

.github/dependabot.yml

@@ -28,24 +28,29 @@ updates:
           - "timecop"
           - "webmock"
 
-  - package-ecosystem: docker
+  - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: weekly
       day: tuesday
       time: "07:00"
-    ignore:
-      - dependency-name: ruby
     cooldown:
-      default-days: 7
+      default-days: 3
     open-pull-requests-limit: 25
 
-  - package-ecosystem: github-actions
+  # Ruby needs to be upgraded manually in multiple places, so cannot
+  # be upgraded by Dependabot. That effectively makes the below
+  # config redundant, as ruby is the only updatable thing in the
+  # Dockerfile, although this may change in the future. We hope this
+  # config will save a dev from trying to upgrade ruby via Dependabot.
+  - package-ecosystem: docker
     directory: /
     schedule:
       interval: weekly
       day: tuesday
       time: "07:00"
+    ignore:
+      - dependency-name: ruby
     cooldown:
-      default-days: 3
+      default-days: 7
     open-pull-requests-limit: 25