add dependency-update workflow template (fixes #683)

[Rimsha2535]

Fixes #683

Checklist

Note: If any of the items in the checklist are not relevant to your PR, just check the box.

For any Pull Request

Is the following correct:

• the title of the Pull Request?
• the title of the corresponding issue?
• there are no other open [Pull Requests](../../../../pulls) for the same update/change?
• that the issue which this Pull Request fixes ("Fixes...") is mentioned?

When Changes Were Made

Did you:

• update the changelog?
• update the cookiecutter-template?
• update the implementation?
• check coverage and add tests: unit tests and, if relevant, integration tests?
• update the User Guide & other documentation?
• resolve any failing CI criteria (incl. Sonar quality gate)?

When Preparing a Release

Have you:

• thought about version number (major, minor, patch)?
• checked Exasol packages for updates and resolved open vulnerabilities, if easily possible?

---

Notes

• Changelog was not updated because this is an internal workflow/template change.
• No separate cookiecutter-template update was needed because the workflow template itself was updated.
• CI checks are currently failing and will be fixed.

[ArBridgeman]

The GitHub workflow code looked good, but it's always good test, so here are those tests done via
another branch (nearly identical to this one):

Use cases:

1. ✅ No vulnerability detected, so no update
   https://github.com/exasol/python-toolbox/actions/runs/24443525540/job/71414050584
2. ✅ Vulnerability detected, do an update, & create PR
   https://github.com/exasol/python-toolbox/actions/runs/24444147768/job/71416082184

Example PR:
#780

Like @ckunki said, we likely need to modify this text more to tell the user what to do. But it sounds like this would be done in a later effort.

[ckunki]

Added 2 comments

[ArBridgeman]

The GitHub workflow code looked good, but it's always good test, so @Rimsha2535 and I did that on May-4th.
Here are those tests done via
#815

Use cases:
- ✅ Branch is not default one, so don't run it
https://github.com/exasol/python-toolbox/actions/runs/25308604711/job/74190054621
- ✅ No vulnerability detected, so no update
https://github.com/exasol/python-toolbox/actions/runs/25308753000/job/74190514343
- ✅ Vulnerability detected, do an update, create PR, & notify in Slack
https://github.com/exasol/python-toolbox/actions/runs/25312452233/job/74202272517

Example PR:
#818

I'll modify the docs & checks in another issue: #792

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud