exclude provided and optional dependencies from submission

This makes it easier to use the dependabot security report for artifacts
that actually come in as transitive dependencies for our users. The
chance that an advisory for an optional/provided/test/built-time
dependency actually impacts our build seems to small to justify the
noise it adds.

Fixes apache#1553

.github/workflows/dependency-graph.yml

@@ -20,3 +20,5 @@ jobs:
       - name: Install sbt
         uses: sbt/setup-sbt@v1
       - uses: scalacenter/sbt-dependency-submission@v2
+        with:
+          configs-ignore: compile-internal optional