Justin could vote for 1 real account + 29 community witnesses and still use his power fully.

And that would not have been a Sybil attack. He also could not take over the chain with this approach unless those 29 witnesses agreed with him. In that case, it would have been done according to the proper design of DPoS (again, not a Sybil).

Yes, he only needed 20 (technically only needed 15) to do what he wanted to do. The moment "pseudonymous identities" were used to accomplish this, it became a Sybil attack. You are a technical person who has been in this space a while and you of all people should understand this. I don't think it's at all helpful to deny what took place. What is helpful is calling it exactly what it is and figuring out how to prevent it in the future.

To your point, there are other attack vectors also demonstrated here (bribe attack, centralized custodial stake without skin in the game, etc), but the real one which broke Steem, IMO, was this Sybil attack where fake accounts were able to act as a single individual. As you say, it's supposed to be Sybil resistant. It was not in this case.