chore: update dependencies and add Dependabot (closes #53)

- better-sqlite3 9 → 12 (Node.js ≥22 required, already enforced)
- dotenv 16 → 17 (minor: logging now enabled by default)
- express-rate-limit 7 → 8 (IPv6 /56 subnet grouping, no deprecated options used)
- express-session 1.18 → 1.19
- helmet 8.0 → 8.1
- googleapis 144 → 171
- tsdav 2.0 → 2.1
- Add .github/dependabot.yml for automated weekly npm updates

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+    open-pull-requests-limit: 10
+    labels:
+      - dependencies
+    groups:
+      production-dependencies:
+        dependency-type: production
+      development-dependencies:
+        dependency-type: development