feat: add `process-dependabot-reusable` workflow (Bash-based alternative) (#419)
* feat: add `process-dependabot-reusable` workflow (Bash-based alternative)
This PR introduces a **reusable GitHub Actions workflow**, `process-dependabot-reusable`, designed to streamline the handling of Dependabot pull requests across repositories — implemented entirely with **shell scripts**.
This serves as a Bash-based alternative to #418, which uses TypeScript.
### 🔄 Key Differences from #418
* **Trigger**: Runs on `pull_request_target` (not `push`), which is required by the `dependabot/fetch-metadata` action.
* **Implementation**: Written using **standard POSIX tools** with a few dependencies:
  * **`bash`** – some Bash-specific constructs are used
  * **`jq`** – for processing JSON output from `dependabot/fetch-metadata`
  * **`xmlstarlet`** – for parsing `pom.xml` and generating a changelog XML file
  * **`git`** – to commit and push any changes
  * **`gh`** – to enable "auto-merge" on the pull request
This approach avoids the Node.js/TypeScript toolchain and relies only on standard CLI tools commonly available in CI environments.
* fix: Typos detected by Copilot
* fix: install `xmlstarlet`
* fix: replace `apt` with `apt-get`
The `apt` command is not recommended for scripting.
* feat: Split Dependabot workflow into privileged and unprivileged parts
This change splits the Dependabot automation into two reusable workflows:
* **Unprivileged workflow** (`analyze-dependabot-reusable`):
  Runs on `pull_request` with no permissions. It analyzes Dependabot PRs and generates metadata safely.
* **Privileged workflow** (`process-dependabot-reusable`):
  Uses the metadata from the unprivileged step to generate changelog files and enable the "auto-merge" option. Requires access to our GPG key and Personal Access Token.
* fix: limit the number of tokens
* fix: drop all permissions by default
* Apply suggestions from code review
Co-authored-by: Volkan Yazıcı <volkan@yazi.ci>
* fix: switch to `dependabot/fetch-metadata`
* fix: apply review suggestions
* fix: extract PR data from caller of `process-dependabot-reusable`
* fix: inline user-name and user-email
* fix: add `changelog-path` and remove `xmlstarlet`
* fix: sort inputs
* fix: filters on PR user
* fix: remove computable parameters
Removes the parameters that can be computed.
* fix: refactor XML escaping
* fix: debug `workflow_run` payload
* fix: remove license line
* fix: add comments to checks
* fix: check order
* fix: adapt to `ppkarwasz` organisation
* Bump Dependabot workflow dependencies
* Remove commit signing
* Modify preconditions
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Move Dependabot workflows to #473
This change:
- Moves reusable workflows to the `gha/v0` branch (#473).
- Creates Dependabot workflows for `logging-parent`.
---------
Co-authored-by: Volkan Yazıcı <volkan@yazi.ci>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
6 files changed
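The privileged/unprivileged split described in the "Split Dependabot workflow into privileged and unprivileged parts" entry, as an added illustration (not the project's own workflow files, which live on the `gha/v0` branch): the unprivileged half runs on `pull_request` with every permission dropped and only publishes metadata as an artifact; the privileged half runs on `workflow_run`, re-checks the originating event and actor from the `workflow_run` payload before trusting anything, and validates the artifact contents before acting on them. The workflow file names, the artifact name, the `metadata.json` layout and the validation patterns are assumptions; `dependabot/fetch-metadata`, `actions/upload-artifact`, `actions/download-artifact` and the inputs used here are the real actions and inputs.

```yaml
# Added example, not the project's workflow files. Two workflows cooperate so that
# a job which checks out untrusted PR code never holds secrets or write permissions.

# ---- unprivileged half: .github/workflows/analyze-dependabot.yml (name assumed)
name: analyze-dependabot
on:
  pull_request:            # runs against the PR's code, so treat everything as untrusted
permissions: {}            # no scopes at all: this half only reads and publishes metadata
jobs:
  analyze:
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ github.token }}
      - name: Write metadata for the privileged half
        env:                 # pass untrusted values through env, never inline in the script
          DEP_NAMES: ${{ steps.metadata.outputs.dependency-names }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          jq -n --arg names "$DEP_NAMES" --arg type "$UPDATE_TYPE" \
                --argjson pr "$PR_NUMBER" \
                '{dependencies: $names, update_type: $type, pr: $pr}' > metadata.json
      - uses: actions/upload-artifact@v4
        with:
          name: dependabot-metadata   # artifact name is an assumption
          path: metadata.json
---
# ---- privileged half: .github/workflows/process-dependabot.yml (name assumed)
name: process-dependabot
on:
  workflow_run:
    workflows: [analyze-dependabot]
    types: [completed]
permissions: {}            # nothing by default; the job below opts in to what it needs
jobs:
  process:
    # Re-check provenance here: the workflow_run payload, not the artifact, says who
    # triggered the upstream run and from which event.
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.actor.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write        # commit and push the changelog entry
      pull-requests: write   # enable auto-merge via `gh`
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dependabot-metadata
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Validate the artifact before acting on it
        # The artifact was produced while the PR's code was checked out, so it is
        # untrusted input: enforce shape and character set and fail closed otherwise
        # (jq -e exits non-zero when the expression is false).
        run: |
          jq -e '
            (.pr | type) == "number" and
            (.update_type | test("^version-update:semver-(patch|minor|major)$")) and
            (.dependencies | test("^[A-Za-z0-9._:/, -]+$"))
          ' metadata.json
      # ... generating the changelog entry, committing, and `gh pr merge --auto` follow here
```

The design point is that neither `permissions: {}` on the first workflow nor the `if:` guard on the second is sufficient alone: the first keeps the untrusted checkout powerless, and the second makes sure the privileged job only ever consumes artifacts from a run that a Dependabot `pull_request` event actually produced, then treats even that artifact as input to be validated rather than as trusted data.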