🤖 Add 7-day cooldown to Dependabot updates

[WouterSioen]

Summary

• Adds a cooldown: { default-days: 7 } block to each ecosystem entry in .github/dependabot.yml (composer)
• Delays version updates by 7 days as a supply-chain-attack mitigation — malicious releases tend to be detected and yanked within days, so waiting reduces our exposure
• Security updates bypass cooldown (per docs), so CVE fixes still flow immediately

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.01%. Comparing base (1e43c6a) to head (8be07ff).

Additional details and impacted files

@@            Coverage Diff            @@
##               main      #67   +/-   ##
=========================================
  Coverage     97.01%   97.01%           
  Complexity       38       38           
=========================================
  Files             2        2           
  Lines           134      134           
=========================================
  Hits            130      130           
  Misses            4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.