ci: modernize dependabot auto-merge (fix broken event filter)

The previous workflow gated on `workflow_run.event == 'push'`, but
Dependabot PRs trigger CI via `pull_request`, not `push` — so the
condition was always false and the job was silently skipped on every
Dependabot PR. Replaced with the modern pattern:

- Triggers on `pull_request` (the right event).
- Uses `dependabot/fetch-metadata@v2` to classify the update.
- Calls `gh pr merge --auto --squash`, which lets GitHub wait on
  branch-protection required status checks before merging.
- Only patch and minor updates auto-merge. Majors stay manual.

Prereqs (also being set on the repo):
- `allow_auto_merge=true` at repo level.
- Branch protection on main with required status checks for the CI
  `build` job and each of the Node.js Package driver matrix jobs, so
  a Dependabot PR cannot be auto-merged until the full driver suite
  and the lint/ts-check/build pipeline are green.

Author: JohnMcLear

.github/workflows/automerge.yml

@@ -1,29 +1,27 @@
-name: Dependabot Automerge
+name: Dependabot auto-merge
+
+on: pull_request
+
 permissions:
   contents: write
   pull-requests: write
-on:
-  workflow_run:
-    workflows:
-      - CI
-    types:
-      - completed
 
 jobs:
   automerge:
-    if: >
-      github.event.workflow_run.conclusion == 'success' &&
-      github.event.workflow_run.event == 'push' &&
-      github.event.workflow_run.actor.login == 'dependabot[bot]'
     runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
-      - name: Checkout
-        uses: actions/checkout@v6
+      - name: Fetch Dependabot metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Automerge
-        uses: "pascalgn/automerge-action@v0.16.4"
+      - name: Enable auto-merge for patch and minor updates
+        if: >-
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MERGE_METHOD: squash
-          MERGE_LABELS: ""
-          MERGE_RETRY_SLEEP: "100000"
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}