Switch from dependabot to renovabot

[dmathieu]

This is meant to allow upgrading module dependencies (which dependabot doesn't currently look at), while switching to the tool that Platform Engineering recommends using.

[kruskall]

issue: dependabot is only configured to check github-actions because we don't want to force specific library versions on users. The goal was to let users pick the version by using it in their app
dependabot not checking version updates for go dependencies was intendend

[dmathieu]

We do force specific versions on them then. Old ones.

[kruskall]

We do force specific versions on them then. Old ones.

Nope, because they have a choice to use the version provided by the go agent (the minimum version supported by the agent) or pin to a new version 🙂

The argument when this was made was that the go agent would try to support as many versions as possible and only update if we want to increase the minimum supported version for security (see https://github.com/elastic/apm-agent-go/security/dependabot?q=is%3Aclosed)

[dmathieu]

All right, I'll close this.

For the record, this means all the warnings in snyk need to be ignored.
https://app.snyk.io/org/universal-profiler/reporting?context[page]=issues-detail&project_target=%255B%2522elastic%252Fapm-agent-go%2522%255D&project_origin=%255B%2522github%2522%255D&issue_status=%255B%2522Open%2522%255D&issue_by=Severity&table_issues_detail_cols=SEVERITY%257CSCORE%257CCVE%257CCWE%257CPROJECT%257CEXPLOIT%2520MATURITY%257CCOMPUTED%2520FIXABILITY%257CINTRODUCED%257CSNYK%2520PRODUCT&v=1