[dev]: utilize GitHub security tools

@jawnsy brought up adding dependabot to code-server in #2830 

I took a look at the Security tab and it looks like there is a lot of security tools provided by GitHub that we should be utilizing (including dependabot alerts).
<img width="988" alt="image" src="https://user-images.githubusercontent.com/3806031/110352335-0a35a380-7ff3-11eb-8d5d-23a72e0b51c9.png">
