Add command to remove the dependency instead of upgrading it

[BHSPitMonkey]

As I've been working through a backlog of Dependabot version update PRs, I've run into several cases where I check how the dependency is used by the application and realize that it's no longer needed in our manifest.

When this happens, I'll go and remove the entry (and update the lock file) by hand—but this seems like a pattern that could be replaced with a handy @dependabot command instead (e.g. @dependabot remove or @dependabot drop) to update the current PR in-place, replacing the upgrade with a removal.