Integrate cooldown for dependabot #5103

@mfranzke

Description

We'd like to ensure that packages are released for at least ~~24~~ 72 hours, to decrease recent risks regarding malicious packages.

24 hours seems to be the bare minimum of what makes sense to set for this delay. In discussion I even heard suggestions for up to a week, which seems to be far too long especially for bug fixes. So we should start with something in between.

More information:
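As an added example (not code from the issue or the repository), a `.github/dependabot.yml` that applies the 72-hour delay described above, assuming the `cooldown` settings as documented for Dependabot version updates (`default-days`, `semver-*-days`, `include`, `exclude`); the ecosystem and directory are placeholders for this illustration:

```yaml
# .github/dependabot.yml (constructed example)
version: 2
updates:
  - package-ecosystem: "npm"   # placeholder; use the ecosystem of the repository
    directory: "/"
    schedule:
      interval: "daily"
    # Cooldown is expressed in days: 72 hours = 3 days, the value the issue
    # settles on as a middle ground between 24 hours and a week.
    cooldown:
      default-days: 3
      # Optional per-semver overrides (assumed keys); kept equal here so that
      # every release, including bug-fix patches, waits the same 72 hours.
      semver-major-days: 3
      semver-minor-days: 3
      semver-patch-days: 3
      include: ["*"]           # apply the cooldown to every dependency
```

Dependabot will then skip any version published less than three days ago, so a malicious release that is withdrawn within that window never reaches a dependency update PR.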

Metadata

Labels

- dependencies: Pull requests that update a dependency file
- 🍄🆙 improvement: New feature or request
- 🍒 cherryPick: Code that we should adapt from one repository to another.

Status

✅ Done

Milestone

No milestone

Development

No branches or pull requests