Configure dependabot to always target the RC
This maybe belongs in infra. Not sure.
Dependabot is almost always making security-related PRs. But it does it against master, so we end up manually recreating and then deleting the original, which angers dependabot (not really since it's a robot, but it posts a response). There is https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch, but the civi naming for branches doesn't make it easy to target the RC.
It may be more trouble than it's worth just for this, but branch-naming the RC so that it can be targeted more easily would be useful elsewhere too.