fix(dependabot): avoid lockfile updates (#3434)

This is an attempt to _avoid_ lockfile-only updates now that we are tracking the `Cargo.lock` in Git.

.github/dependabot.yml

@@ -8,6 +8,7 @@ updates:
     commit-message:
       prefix: "deps"
     rebase-strategy: "disabled"
+    versioning-strategy: "widen"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule: