Migrate Dependabot reviewers to codeowners

[HonkingGoose]

• I provide my work under the project license.
• I grant such license of my work as is required for the purposes of future print editions to Ben Straub and Scott Chacon.

Changes

• Migrate from Dependabot's reviewers field to a CODEOWNERS file

Context

GitHub is going to stop listening to the reviewers field in the Dependabot config file soon (Tuesday 27 May). GitHub recommends using a CODEOWNERS file to control who must review incoming PRs.

The CODEOWNERS config pings @ben for all incoming PRs, and requires their approval before merge.

GitHub recommends explictly listing the code owner for the CODEOWNERS file. I'm following that recommendation in this PR.

I think you (@ben) will need to set up branch protection rules to make sure the CODEOWNERS need to review the changes before merge? Quote from the GitHub Docs:

Repository owners can update branch protection rules to ensure that changed code is reviewed by the owners of the changed files. Edit your branch protection rule and enable the option "Require review from Code Owners". For more information, see About protected branches.

References

• GitHub Blog, Dependabot reviewers configuration option being replaced by code owners
• GitHub Docs, about code owners

[HonkingGoose]

Maybe you should add a "backup codeowner", so the organization can unblock itself when you're not around?