We have grouped security updates enabled by default at the org level,
however when a repo defines its own `dependabot.yml` it will override
the org's defaults. We don't currently define any grouping for security
updates, hence why we have so many outstanding dependabot PRs.
This adds 3 new groups:
* A security group, to re-enable grouped security updates.
* A docker group, to bump core Docker dependencies like buildx,
buildkit, etc.
* An "other" group as a catch-all for everything else. AFAICT there's no
way to have Dependabot _only_ bump versions for Pulumi & Docker
dependencies, so just dump everything else in here.
The existing pulumi group stopped receiving updates for some reason but
[seems to be
working](https://github.com/pulumi/pulumi-docker-build/pull/111) again
after I re-opened one of the closed PRs.
* Rename the provider to dockerbuild.
* Add Makefile targets required by CI.
* Add per-language test targets compatible with CI.
* Fix broken example yaml.
* Add gitignore exclusions to fix SDK generation in CI.
* Fix lint errors.
* Vendor pulumi CLI via `tools.go` instead of `.pulumi`.
* Consolidate `go.mod`s into one file, with a minimal `go.mod` for the
Go SDK.
* Add codecov.
