Build: Don't run CI push workflows for dependabot branches

Without this change, dependabot PRs run double checks - one set for the `push`
part and one for the `pull_request` part.

Closes gh-5353

.github/workflows/codeql-analysis.yml

@@ -1,8 +1,9 @@
 name: "Code scanning - action"
 
 on:
-  push:
   pull_request:
+  push:
+    branches-ignore: "dependabot/**"
   schedule:
     - cron: '0 4 * * 6'
 
@@ -30,7 +31,7 @@ jobs:
     # the head of the pull request instead of the merge commit.
     - run: git checkout HEAD^2
       if: ${{ github.event_name == 'pull_request' }}
-      
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5

.github/workflows/node.js.yml

@@ -1,6 +1,9 @@
 name: CI
 
-on: [push, pull_request]
+on:
+  pull_request:
+  push:
+    branches-ignore: "dependabot/**"
 
 permissions:
   contents: read # to fetch code (actions/checkout)