argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

oras-go client should fallback to docker config if no credentials specified #20122

Open tonyay163 opened 16 hours ago

tonyay163 commented 16 hours ago

Checklist:

Describe the bug

I'm using https://github.com/argoproj/argo-cd/issues/17279 to authenticate to Google Artifact Registry as a helm registry using workload identity. Unlike https://github.com/argoproj/argo-cd/issues/10218, the other solution does not require installing ESO. This works in general since helm template can get creds via the $HOME/.docker/config.json. However, if you need to use targetRevision: * with your application, this ends up using the oras-go client here which is only configured for static credentials.

To Reproduce

  1. Follow https://github.com/argoproj/argo-cd/issues/17279 to set up helm using an init container with a private repository
  2. Add an application which uses a helm chart in the private repository with a fixed version. This should succeed.
  3. Add an application which uses a helm chart in the private repository with targetRevision: *. This should result in a permission denied error.

Expected behavior

oras-go uses the same creds as helm

tonyay163 commented 16 hours ago

I've contributed a fix in https://github.com/argoproj/argo-cd/pull/18133 which I've been running in prod for a few months now.
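
The fallback requested in this issue, sketched as an added example (not the code from the linked pull request, and not Argo CD's or oras-go's API): static credentials win, and only when none are set is the registry host looked up in the `auths` map of the Docker config. `Credential`, `ResolveCredential`, `ErrNoCredential` and the sample host and token are hypothetical names and constructed values; entries served by `credHelpers` or `credsStore` are not handled here.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Credential is a hypothetical type for this example (not an Argo CD or oras-go type).
type Credential struct{ Username, Password string }

// dockerConfig models only the "auths" map of $HOME/.docker/config.json.
type dockerConfig struct {
	Auths map[string]struct {
		Auth string `json:"auth"` // base64("username:password")
	} `json:"auths"`
}

var ErrNoCredential = errors.New("no credential for registry host")

// ResolveCredential returns static if set, else the docker config entry for host.
func ResolveCredential(static Credential, configJSON []byte, host string) (Credential, error) {
	if static.Username != "" || static.Password != "" {
		return static, nil
	}
	var cfg dockerConfig
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return Credential{}, fmt.Errorf("parse docker config: %w", err)
	}
	raw, err := base64.StdEncoding.DecodeString(cfg.Auths[host].Auth)
	if err != nil {
		return Credential{}, fmt.Errorf("decode auth for %s: %w", host, err)
	}
	user, pass, ok := strings.Cut(string(raw), ":") // password may itself contain ':'
	if !ok || user == "" {
		return Credential{}, ErrNoCredential // missing, empty or malformed entry
	}
	return Credential{Username: user, Password: pass}, nil
}

func main() {
	// Constructed sample config; host and token are placeholders.
	auth := base64.StdEncoding.EncodeToString([]byte("example-user:constructed-token"))
	cfg := []byte(`{"auths":{"registry.example.com":{"auth":"` + auth + `"}}}`)
	cred, err := ResolveCredential(Credential{}, cfg, "registry.example.com")
	fmt.Println(cred.Username, err)
}
```

Returning a distinct `ErrNoCredential` lets the caller tell "nothing configured for this host" apart from a corrupt config file, which matters when deciding whether to attempt an anonymous pull or fail closed.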