
docs: add dependency-graph/snapshots API trigger to dependabot skill #1354

@v2nic

Description

Problem

The current dependabot skill documents YAML configuration and PR commands, but omits a useful API endpoint: `POST /repos/{owner}/{repo}/dependency-graph/snapshots`.

This endpoint allows submitting dependencies via the GitHub API, which:

  1. Triggers Dependabot alerts for known vulnerabilities
  2. Triggers Dependabot security updates (creates PRs)

This is useful when you want to trigger Dependabot scans without making git commits or attributing actions to a personal account.

Relevant Documentation

From GitHub API docs:

"Submitted dependencies will receive Dependabot alerts and Dependabot security updates for any known vulnerabilities."

Request format:

curl -L -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependency-graph/snapshots \
  -d '{
    "version": 0,
    "sha": "<commit-sha>",
    "ref": "refs/heads/main",
    "job": {"correlator": "scan", "id": "123"},
    "detector": {"name": "my-scanner", "version": "1.0", "url": "https://example.com"},
    "scanned": "2026-04-08T12:00:00Z",
    "manifests": {
      "package-lock.json": {
        "name": "package-lock.json",
        "file": {"source_location": "package-lock.json"},
        "resolved": { ... dependencies ... }
      }
    }
  }'

Proposed Change

Add a new section to the dependabot skill:

  • "Triggering via API" or "Dependency Submission API"
  • Document the snapshot endpoint
  • Show example usage
  • Note that it triggers Dependabot security updates without git commits

Benefits

  1. Attributing actions to a bot/GitHub App instead of personal account
  2. No need for empty commits to trigger scans
  3. Programmatic dependency submission from CI/CD pipelines
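
As an added example (not code from the issue or from the skill it proposes changing), the script below builds a snapshot for the endpoint above from an npm `package-lock.json` (lockfileVersion 3), so that a CI job or GitHub App can submit real dependency data rather than the `{ ... dependencies ... }` placeholder in the curl request. The lockfile, the `lockfile-snapshot` detector name and its URL are constructed for the example; the request shape (`version`, `sha`, `ref`, `job`, `detector`, `scanned`, `manifests` with `resolved` entries carrying `package_url`, `relationship`, `scope` and `dependencies`) follows the GitHub API documentation. It only talks to the network when `GITHUB_TOKEN` and `GITHUB_REPOSITORY` are set; otherwise it prints the payload.

```python
"""Build a Dependency Submission API snapshot from an npm package-lock.json
and optionally POST it to /repos/{owner}/{repo}/dependency-graph/snapshots."""
import json
import os
import sys
import urllib.request
from datetime import datetime, timezone

# Constructed sample lockfile (npm lockfileVersion 3); not from any real project.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0",
             "dependencies": {"express": "^4.18.2", "@scope/widget": "^1.2.0"},
             "devDependencies": {"jest": "^29.0.0"}},
        "node_modules/express": {"version": "4.18.2", "dependencies": {"debug": "2.6.9"}},
        "node_modules/express/node_modules/debug": {"version": "2.6.9"},
        "node_modules/debug": {"version": "4.3.4"},
        "node_modules/@scope/widget": {"version": "1.2.0"},
        "node_modules/jest": {"version": "29.7.0", "dev": True,
                              "dependencies": {"debug": "^4.3.4"}},
    },
}


def npm_purl(name, version):
    """Package URL for an npm package; a scoped '@scope' namespace is encoded as '%40scope'."""
    if name.startswith("@"):
        name = "%40" + name[1:]
    return f"pkg:npm/{name}@{version}"


def _resolve_child(packages, parent_path, child):
    """Mimic Node resolution: look in the parent's own node_modules, then walk up to the root."""
    base = parent_path
    while True:
        cand = f"{base}/node_modules/{child}" if base else f"node_modules/{child}"
        if cand in packages:
            return cand
        if not base:
            return None
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut != -1 else ""


def lockfile_to_resolved(lock):
    """Convert lockfile 'packages' into the snapshot's 'resolved' map, keyed by purl."""
    packages = lock["packages"]
    root = packages.get("", {})
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    installed = {p: e for p, e in packages.items() if p and "version" in e}
    purl_of = {p: npm_purl(p.rsplit("node_modules/", 1)[1], e["version"])
               for p, e in installed.items()}
    resolved = {}
    for path, entry in installed.items():
        name = path.rsplit("node_modules/", 1)[1]
        deps = []
        for child in entry.get("dependencies", {}):
            child_path = _resolve_child(packages, path, child)
            if child_path in purl_of:
                deps.append(purl_of[child_path])
        resolved[purl_of[path]] = {
            "package_url": purl_of[path],
            "relationship": "direct" if name in direct else "indirect",
            "scope": "development" if entry.get("dev") else "runtime",
            "dependencies": deps,
        }
    return resolved


def build_snapshot(lock, sha, ref, job_id, correlator,
                   manifest_path="package-lock.json", scanned=None):
    """Assemble the request body; 'version' must be 0 per the API docs."""
    return {
        "version": 0,
        "sha": sha,
        "ref": ref,
        "job": {"id": job_id, "correlator": correlator},
        # Hypothetical detector identity; any name/version/url of your own tool works.
        "detector": {"name": "lockfile-snapshot", "version": "0.1.0",
                     "url": "https://example.com/lockfile-snapshot"},
        "scanned": scanned or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "manifests": {manifest_path: {"name": manifest_path,
                                      "file": {"source_location": manifest_path},
                                      "resolved": lockfile_to_resolved(lock)}},
    }


def submit_snapshot(owner, repo, token, snapshot, api="https://api.github.com"):
    """POST the snapshot; the JSON response carries 'id' and a 'result' such as SUCCESS/ACCEPTED/INVALID."""
    req = urllib.request.Request(
        f"{api}/repos/{owner}/{repo}/dependency-graph/snapshots",
        data=json.dumps(snapshot).encode(), method="POST",
        headers={"Accept": "application/vnd.github+json", "Authorization": f"Bearer {token}",
                 "X-GitHub-Api-Version": "2022-11-28", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    snap = build_snapshot(SAMPLE_LOCK, sha=os.environ.get("GITHUB_SHA", "0" * 40),
                          ref=os.environ.get("GITHUB_REF", "refs/heads/main"),
                          job_id=os.environ.get("GITHUB_RUN_ID", "local-1"),
                          correlator="lockfile-snapshot")
    token, repo = os.environ.get("GITHUB_TOKEN"), os.environ.get("GITHUB_REPOSITORY")
    if token and repo:
        owner, name = repo.split("/", 1)
        print(submit_snapshot(owner, name, token, snap))
    else:
        json.dump(snap, sys.stdout, indent=2)
```

Two practical points: the `sha` and `ref` should be a commit that actually exists on the branch the snapshot describes, and the token needs write access to the repository's contents (the `repo` scope for a classic token, or the Contents: write permission for a fine-grained token or GitHub App installation). Check the `result` field in the response; an `INVALID` result means the payload was rejected and no alerts will follow.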
