fix: Fallback to blob upload when cross-repo mount fails

[bupd]

What this PR does / why we need it
ORAS currently fails to push when registry(Harbor) denies a cross-repository blob mount, which happens when the destination user lacks access to the source project. In private registries this is common, making mount attempts unreliable.

This PR makes ORAS automatically fall back to a normal blob upload when the mount is denied, matching expected registry client behavior and ensuring pushes succeed even without cross-project permissions.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1892

Please check the following list:

• Does the affected code have corresponding tests, e.g. unit test, E2E test?
• Does this change require a documentation update? No
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have an appropriate license header?

[Copilot]

Pull request overview

This PR adds automatic fallback to regular blob upload when cross-repository blob mount fails due to permission errors. ORAS currently fails when Harbor or other registries deny mount requests from private repositories the user doesn't have access to. This change makes the tool resilient by retrying the operation without the mount optimization when permission-related errors are detected.

Key Changes:

• Refactored copy logic into a reusable executeCopy closure to enable retry functionality
• Added error detection and retry logic that disables mounting when authorization failures occur
• Maintained all existing copy paths (recursive, empty reference, and standard copy)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[shizhMSFT]

Other parts of the code looks fine.

[codecov]

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.20%. Comparing base (992543e) to head (d27a689).

Files with missing lines	Patch %	Lines
cmd/oras/root/cp.go	92.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1924      +/-   ##
==========================================
- Coverage   87.22%   87.20%   -0.02%     
==========================================
  Files         143      143              
  Lines        5540     5549       +9     
==========================================
+ Hits         4832     4839       +7     
- Misses        421      423       +2     
  Partials      287      287              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[bupd]

@shizhMSFT , @Wwwsylvia fixed review comments,

Thanks for the review.

[TerryHowe]

/lgtm