Update Python image in dockerfiles and consider adding Dependabot

[magnusbaeck]

Description

The dockerfiles are based on the python:3.6.12-buster image. Python 3.6 is EOL on 2021-12-23 and is quite old in general. We should update the image to the most recent in the 3.9 series and consider adding a Dependabot configuration to keep the image reasonably updated. Perhaps a monthly trigger will do, at least until we set up sufficient CI so we can automerge any PRs that pass the tests.

Motivation

We shouldn't reference outdated images, especially not those that are or are about to become EOL. That's just good housekeeping. Also, none of us developers are likely to use outdated releases and it would be a pity if things work locally and in CI but doesn't work in the Docker image.

Exemplification

As noted above, Python 3.6 is EOL is just a few months and referenced EOL language releases is a poor practice.

Benefits

Our Docker image dependencies are kept up to date without much manual intervention. If there are incompatibilities with newer Python releases I'd expect us to discover them earlier.

Possible Drawbacks

If we introduce Dependabot there will be a chore (depending on what frequency we choose) to do a quick smoketest of the binaries to make sure they're okay before merging the PR.