This PR adds a new Github workflow (the project's first) which is designed to fix our recent influx of Dependabot PRs which fail to pass our build tests. See #839, #831 et al.

Although Dependabot is correctly modifying the specific module it is working on, Dependabot does not consider any other modules in the repository while constructing the pull request. In our case, every build runs a go mod tidy across every go module, resulting in transitive dependencies of the changes introduced by Dependabot (e.g. a change in exporters/otlp/go.mod affects the go.sum files in example/otel-collector/ and example/otlp/) being modified during the build.

The workflow contained in this PR is designed to auto-fix these transitive dependencies whenever a pull request has a dependencies label added to it. It

• checks out the code
• constructs a go build environment
• runs the custom Github action evantorrie/mott-the-tidier@v1-beta to perform the same go mod tidy across a user-defined set of module paths as the CI build
• auto-commits the resulting go.sum changes

This should then retrigger another CI build with the newly fixed go.sum files, and ideally, pass correctly.

It uses two "non-Github-authored" Actions.

1. evantorrie/mott-the-tidier is written by me with a pre-ES2015 understanding of NodeJS Javascript. In this workflow, it is configured with the gosum_only gate which will fail if there are any non go.sum files showing as modified in the repo after the go mod tidys complete. This is intended to prevent auto-commit of anything other than go.sum files by the subsequent step in the job.
2. stefanzweifel/git-auto-commit-action@v4 is available in the Github actions marketplace and commits back to the PR branch any changes created by mott-the-tidier. Since we limit mott-the-tidier to making changes only to go.sum files, the resulting git-auto-commit-action has limited capacity for inadvertently corrupting the PR.