BAU: Add more instructions for dependabot tf PRs

GitHub protects us from recursion by not running workflows on commits
made by GitHub bots. This could be solved later by using a custom bot
user with a PAT, but for now we can just add instructions to the PR
body to tell maintainers to amend the PR to get the checks to run.

Also, things can get a bit messy if dependabot tries to update
dependencies on a PR where the lockfiles have already been updated.
So add a warning to tell maintainers to recreate the PR if that
happens.

Author: whi-tw

.github/workflows/update-provider-locks.yml

@@ -146,6 +146,19 @@ jobs:
           >
           > The changes are ready for review and merge.
 
+          > [!IMPORTANT]
+          > The actions have not been run on this PR since the lock files were updated, because GHA won't run \`push\` actions when the commit has been made by a bot.
+          > To get the CI checks to run, you will need to amend the PR:
+          > 1. Check out the PR branch locally: \`git checkout ${{github.base_ref}}\`
+          > 2. Pull the latest changes: \`git pull\`
+          > 3. Make a no-op amendment: \`git commit --amend --no-edit\`
+          > 4. Push the amended commit: \`git push --force-with-lease\`
+          >
+          > This will trigger the CI checks to run with the updated lock files.
+
+          > [!WARNING]
+          > If dependabot has attempted to modify the PR (ie. if there are new dependency updates available), comment \`@dependabot recreate\` and it'll recreate the PR from scratch (allowing the lock files to be updated correctly).
+
           ${COMMENT_MARKER}
           EOF