fix: dependabot github-actions ecosystem config and bump ci-workflows to v0.2.15

[Copilot]

The github-actions ecosystem in dependabot was configured with directories: ["**/*"] which is not a valid pattern for that ecosystem — dependabot only supports "/" to scan .github/workflows/. This meant workflow action versions were never auto-updated.

Changes

• .github/dependabot.yaml: Replace "**/*" with "/" for the github-actions ecosystem
• .github/workflows/*.yml: Update all go-openapi/ci-workflows references from v0.2.9 → v0.2.15 (84f8f9c → e8e6599)

Affected workflows: go-test, codeql, contributors, auto-merge, bump-release, scanner, tag-release.

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.20%. Comparing base (ff11cfa) to head (8765145).
⚠️ Report is 2 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #78      +/-   ##
==========================================
- Coverage   91.24%   91.20%   -0.05%     
==========================================
  Files          91       91              
  Lines       11929    11929              
==========================================
- Hits        10885    10880       -5     
- Misses        830      833       +3     
- Partials      214      216       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.