
chore: remove dependabot-automerge workflow #226

Open
lewta-lucy wants to merge 1 commit into main from chore/remove-dependabot-automerge

Conversation

@lewta-lucy

Collaborator

Replaces the dependabot-automerge.yml GitHub Actions workflow with Lucy's daily cron job PR review process.

Why: The workflow failed on every Dependabot PR because GITHUB_TOKEN cannot approve its own PRs when branch protection requires a human reviewer.

Replacement: Lucy (lewta-lucy) runs a daily cron job at 10am that:

  • Reviews all open PRs (Dependabot + external contributors)
  • Risk-ranks each PR and checks CI
  • Auto-approves and merges Dependabot patch/minor PRs when CI is green
  • Holds major version bumps and external contributor PRs for Aaron
  • Cuts a patch release after any merges

@lewta lewta left a comment

Owner


Approving — correct call. The old workflow's approve step couldn't actually work (GITHUB_TOKEN can't approve Dependabot PRs when branch protection requires a human review), so this removes dead automation. Moving the work to a real account (lewta-lucy) fixes the root limitation. Clean single-file deletion, no dangling references, CI green.

Non-blocking follow-ups:

  1. Enforce the policy in GitHub, not just Lucy's config. Auto-merge authority now sits with a standing PAT rather than a scoped, ephemeral CI token. Back the "patch/minor + CI-green only, hold major/external" guardrail with branch-protection rules + CODEOWNERS so the limit is enforced by GitHub itself — prompt drift or a compromised host then can't merge arbitrary code.
  2. Add a liveness signal for the cron. Since the automation is now off-repo, an alert if the daily run doesn't check in would keep Dependabot PRs from silently stalling if the Pi goes offline.
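A minimal, fail-closed version of the auto-merge rule described in the PR description and in follow-up 1 above, added here as an illustration; it is not code from this PR or from Lucy's cron job, and the Dependabot title format, the `dependabot[bot]` login and the CI status strings are assumptions:

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: Dependabot single-package titles read "Bump <pkg> from X.Y.Z to A.B.C".
# Grouped updates ("Bump the npm group with 3 updates") carry no versions and
# therefore fall through to "hold" below, which is the safe default.
BUMP_RE = re.compile(r"\bfrom (\d+)\.(\d+)\.(\d+) to (\d+)\.(\d+)\.(\d+)\b")

# Assumption: the login GitHub uses for Dependabot's PRs.
DEPENDABOT_LOGIN = "dependabot[bot]"


@dataclass
class PullRequest:
    author: str
    title: str
    ci_status: str  # constructed values: "success", "failure" or "pending"


def bump_level(title: str) -> Optional[str]:
    """Classify a Dependabot bump as 'major', 'minor' or 'patch'; None if unparsable."""
    m = BUMP_RE.search(title)
    if not m:
        return None
    old = tuple(int(x) for x in m.group(1, 2, 3))
    new = tuple(int(x) for x in m.group(4, 5, 6))
    if new[0] != old[0]:
        return "major"
    if new[1] != old[1]:
        return "minor"
    if new[2] != old[2]:
        return "patch"
    return None  # identical versions: not a real bump, do not auto-merge


def decide(pr: PullRequest) -> str:
    """Return 'merge' or 'hold' following the rules in the PR description:
    only Dependabot patch/minor bumps with green CI are merged; major bumps,
    external-contributor PRs and anything unparsable are held for a human."""
    if pr.author != DEPENDABOT_LOGIN:
        return "hold"
    level = bump_level(pr.title)
    if level in (None, "major"):
        return "hold"
    if pr.ci_status != "success":
        return "hold"
    return "merge"
```

The same decision table is what a branch-protection rule plus CODEOWNERS would enforce server-side; keeping the two in agreement is the point of follow-up 1.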
