My personal fave way to work around CORS issues is to create a middleware server that you control. From there, you can make whatever external calls you want. Then from your plugin fetch($YOUR_SERVER) because you control both ends you can set the correct CORS policy.
A super simple (and free) way to do this is using Glitch’s express server template. Add the cors npm package and use it with express: app.use(cors()). You’ll be able to fetch any endpoint you setup in express within your plugin.
There are other ways and some are faster/easier, but controlling both sides of the request is the best way imho.