
Add Dependabot cooldown to all updates entries #12141

Open
Copilot wants to merge 4 commits into main from copilot/add-dependabot-cooldown


Copilot AI commented Jun 17, 2026


Description

Adds a cooldown block to every updates entry in .github/dependabot.yml to delay update PRs until a configured number of days after a release, reducing PR churn.

Applied the cooldown to all four ecosystems (github-actions, gomod, devcontainers, npm):

cooldown:
  default-days: 7

  • Uses only default-days: 7 for the initial rollout (per review feedback); semver-specific overrides can be added later if needed.
  • Inserted after schedule: (before groups: where present) for consistent ordering across entries.
  • Config still validates against the Dependabot v2 schema.

Scope note: this PR covers radius-project/radius only. The other repositories listed in the issue require separate PRs in their respective repositories.

Type of change

  • This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional).

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

  • An overview of proposed schema changes is included in a linked GitHub issue.
    • Yes
    • Not applicable
  • A design document is added or updated under eng/design-notes/ in this repository, if new APIs are being introduced.
    • Yes
    • Not applicable
  • The design document has been reviewed and approved by Radius maintainers/approvers.
    • Yes
    • Not applicable
  • A PR for resource-types-contrib is created, if resource types or recipes are affected by the changes in this PR.
    • Yes
    • Not applicable
  • A PR for dashboard is created, if the Radius Dashboard is affected by the changes in this PR.
    • Yes
    • Not applicable
  • A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
    • Yes
    • Not applicable

Co-authored-by: brooke-hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add Dependabot cooldown to all dependabot.yml configs" to "Add Dependabot cooldown to all updates entries" Jun 17, 2026
Copilot AI requested a review from brooke-hamilton June 17, 2026 20:23

DariuszPorowski left a comment


@brooke-hamilton @copilot I think for an initial start we can keep the default 7 and adjust over time (if needed) - or is there any reasoning to keep 30 for the major one?

Co-authored-by: DariuszPorowski <3431813+DariuszPorowski@users.noreply.github.com>

Copilot AI commented Jun 17, 2026


> @brooke-hamilton @copilot I think for an initial start we can keep the default 7 and adjust over time (if needed) - or is there any reasoning to keep 30 for the major one?

No strong reasoning to keep 30 for major - the semver-specific values were just the example defaults from the issue. Simplified to cooldown.default-days: 7 only for all ecosystems in efe9192; we can add semver-specific overrides later if needed.

Copilot AI requested a review from DariuszPorowski June 17, 2026 21:32
brooke-hamilton marked this pull request as ready for review June 17, 2026 22:36
brooke-hamilton requested review from a team as code owners June 17, 2026 22:36
Copilot AI review requested due to automatic review settings June 17, 2026 22:36

github-actions Bot commented Jun 17, 2026


Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copilot AI left a comment


Pull request overview

This PR updates the repository’s Dependabot configuration to reduce update-PR churn by introducing a cooldown window for each updates entry in .github/dependabot.yml.

Changes:

  • Added a cooldown block with default-days: 7 to each Dependabot updates entry.
  • Applied consistently across all configured ecosystems (github-actions, gomod, devcontainers, npm).
  • Kept ordering consistent by placing cooldown after schedule (and before groups where present).

brooke-hamilton left a comment


🚀 I tested this on a fork


4 participants