Clarify Dependabot is exempt from IP allow list enforcement

Dependabot is a first-party GitHub App with explicit IP allow list
exemption. Update docs to accurately state that Dependabot can access
repositories regardless of IP allow list configuration.

Addresses: github/enterprise-primitives#5258

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: emisanada

data/reusables/dependabot/ip-allow-list-dependabot.md

@@ -0,0 +1,7 @@
+{% data variables.product.prodname_dependabot %} is a first-party {% data variables.product.github %} App whose repository access is exempt from IP allow list restrictions. This means {% data variables.product.prodname_dependabot %} can read dependency files and create pull requests regardless of your IP allow list configuration, even when running on standard {% data variables.product.github %}-hosted runners.
+
+If your {% data variables.product.prodname_dependabot %} workflows require predictable, static IP addresses for other reasons (for example, to access private registries behind a firewall), you should set up a self-hosted runner or enable {% data variables.product.prodname_dependabot %} for use with {% data variables.actions.hosted_runners %}. See [AUTOTITLE](/actions/concepts/runners/about-self-hosted-runners) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-dependabot-on-larger-runners).
+
+Additionally, to learn more about setting up {% data variables.actions.hosted_runners %} with a static IP address configured, see [AUTOTITLE](/actions/concepts/runners/about-larger-runners).
+
+To allow your self-hosted runners or {% data variables.actions.hosted_runners %} to communicate with {% data variables.product.github %}, add the IP address or IP address range of your runners to the IP allow list that you have configured for your enterprise.