Configure dependabot to keep k8s dependencies on 0.31.x

Add dependabot ignore rules to maintain Kubernetes dependencies at
the 0.31.x release line for OpenShift 4.18 / Kubernetes 1.31
compatibility:

- Block all k8s.io/* packages from updating to >= 0.32.0
- Block k8s.io/klog/v2 from updating to >= 3.0.0
- Completely ignore k8s.io/kube-openapi and k8s.io/utils as they
  use special version pinning in go.mod replace directives

This allows patch updates within the 0.31.x line while preventing
automatic updates to newer Kubernetes versions that would break
compatibility with OpenShift 4.18.

Co-authored-by: Claude (Anthropic) [email protected]

Signed-off-by: Martin Schuppert <[email protected]>

Author: stuggi

.github/dependabot.yml

@@ -11,6 +11,14 @@ updates:
     - dependency-name: "kubevirt.io/containerized-data-importer-api"
     - dependency-name: "sigs.k8s.io/controller-runtime"
     - dependency-name: "github.com/metal3-io/baremetal-operator/apis"
+    # These have special version pinning in go.mod (see replace directives)
+    - dependency-name: "k8s.io/kube-openapi"
+    - dependency-name: "k8s.io/utils"
+    # Keep k8s dependencies on 0.31.x (OpenShift 4.18 / Kubernetes 1.31)
+    - dependency-name: "k8s.io/*"
+      versions: ">= 0.32.0"
+    - dependency-name: "k8s.io/klog/v2"
+      versions: ">= 3.0.0"
 - package-ecosystem: "gomod"
   directory: "/"
   schedule: