add docker hub token for auth'd requested; add cooldown back into dependabot.yml #24703

Open
eviljeff wants to merge 1 commit into master from dependabot-dockerhub-auth

eviljeff commented Apr 2, 2026

Fixes: mozilla/addons#16103 ...?

Description

Adds in auth for dockerhub, so api calls that were previously rejected now work. Also reverts the change to drop cooldown for docker-compose, because the cooldown is what appeared to trigger the api calls.

Context

Note, this only addresses the docker hub registry. If this works for docker hub hosted images we need to repeat for GitHub's registry (for zizmor), and either get an equivalent token for elasticsearch's dedicated registry, or switch to use docker hub (elasticsearch seems to publish their images on docker hub too).

After merging it might be some time before we know if this actually fixes the issue for sure - we need both a new version of a docker-compose package; and to wait for 7 days for the cooldown period to end. (we could set a shorter, say 1 day, cooldown to accelerate?)

Testing

n/a

Checklist

  • Add #ISSUENUM at the top of your PR to an existing open issue in the mozilla/addons repository.
  • Successfully verified the change locally.
  • The change is covered by automated tests, or otherwise indicated why doing so is unnecessary/impossible.
  • Add before and after screenshots (Only for changes that impact the UI).
  • Add or update relevant docs reflecting the changes made.

@eviljeff eviljeff requested a review from diox April 2, 2026 15:03
registries:
dockerhub:
type: docker-registry
url: https://registry-1.docker.io
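
Review bot: the `dockerhub` entry under `registries:` only defines the registry; Dependabot applies it to an ecosystem only when that `updates` entry lists `dockerhub` under its own `registries:` key, so check that every entry meant to pull with authentication references it. The credential lines that should follow `url:` are not visible here; they should be `${{secrets.NAME}}` references resolved from the repository's Dependabot secrets (a separate store from Actions secrets), holding a read-only Docker Hub access token rather than an account password.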

Don't we need replaces-base: true as well?

diox commented Apr 3, 2026

Also, we want that for the docker package ecosystem as well, not just docker-compose.

Development

Successfully merging this pull request may close these issues.

[Bug]: Dependabot docker compose errors