Add 14 days cooldown period to dependabot

This makes dependabot only consider new releases that are older than
14 days. Effectively, this gives the community a chance to catch
security issues.

Author: lagru

.github/dependabot.yml

@@ -5,6 +5,8 @@ updates:
     directory: "/"
     schedule:
       interval: "quarterly"
+    cooldown:
+      default-days: 14
     labels:
       - "devops"
       - "bot"