ci: drop approve step from Dependabot auto-merge

The approve step requires "Allow GitHub Actions to create and approve
pull requests" at the repo level, which is off here, so the workflow
fails on approve and the auto-merge step never runs. Without branch
protection requiring reviews, the approve was cosmetic anyway — the
auto-merge step alone gates on CI, which is the actual safety check.

Author: jeremy

.github/workflows/dependabot-auto-merge.yml

@@ -19,18 +19,6 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       # CI is the safety gate — auto-merging action updates is circular.
-      - name: Approve patch and minor updates (excluding actions)
-        if: >-
-          (
-            steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
-            steps.metadata.outputs.update-type == 'version-update:semver-minor'
-          ) &&
-          steps.metadata.outputs.package-ecosystem != 'github_actions'
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Enable auto-merge for patch and minor updates (excluding actions)
         if: >-
           (