
Conversation

@upodroid
Member

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 29, 2025
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/images sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Oct 29, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: upodroid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 29, 2025
@BenTheElder
Member

Key CI images are out of date, and I'm seeing a lot of CVEs reported by Datadog in our CI clusters.

Exploiting these isn't very interesting though, we provide RCE by design ... often as root on a disposable CI environment.

However, we do need to be careful about being able to patch other issues while not being blocked on breaking CI.

E.g. in the past bumping gcloud has broken the rather fragile kube-up.sh; we used to ask test-infra folks to keep an eye out when running upgrades and handle rollbacks.

This tower of tech debt stinks, but we all only have so much time to chip away at it.

I'm a little hesitant. Generally I'm in favor of staying up to date, fully patched, etc., but these are primarily out of date not because sending a PR to bump them is hard, but because nobody wants to expend energy on dealing with failures at the moment, and we have some fragile bits (e.g. the dind in this repo is ... something we should improve, and it is sensitive to docker updates) ...


3 participants