Add Dependabot configuration and QC Preflight Checks workflow

[sudeeshna21]

• This PR Adds .github/workflows/qcom-preflight-checks.yml to run automated Qualcomm preflight checks on every PR and push to main. This workflow enforces project quality and compliance standards by running:

  Semgrep scan – static code analysis for security/bug patterns
  Dependency review – flags vulnerable or license-incompatible dependencies
  Repolinter check – validates repo structure against project standards
  Copyright/license check – ensures all files have proper license headers
  Commit email check – verifies commits are made with approved email addresses
  These checks help maintain code quality, security, and open-source compliance across contributions.

• Adds .github/dependabot.yml to enable automated dependency updates via GitHub Dependabot. It is configured to:

  Monitor GitHub Actions workflow dependencies (.github/workflows/)
  Check for updates daily and automatically open PRs when newer versions of used actions are available
  This ensures CI/CD workflows always use up-to-date, patched versions of GitHub Actions, reducing exposure to known vulnerabilities in third-party actions.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.