So removing all permissions from the service account and granting only storage admin access, along with full API access for Cloud Scope, ultimately worked. I stopped the current VM and restarted it, and now the gcloud cp command is functioning properly.