Update github-actions-policy.md added a note about dependabot

Author: cottage14

content/pages/github-actions-policy.md

@@ -7,6 +7,9 @@ For details on the use of requirement level terms, see the <a href="https://www.
 
 For additional advice on how to use this feature safely, see <a href="https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+Security" target="_blank">GitHub Actions Security</a>.
 
+### Dependabot
+All repositories using GitHub Actions **must** have dependabot enabled.
+
 ### Resource use
 Due to misconfigurations in their builds, some projects have been using unsupportable numbers of [GitHub Actions](github-actions-secrets.html). As part of fixing this situation, Infra has established a policy for GitHub Actions use: