Because doing so wouldn't implicate existing nodes in the propagation of CSAM. Changing the default policies in Bitcoin Core would implicate nodes in CSAM propagation. Bitcoin Core is so synonymous with Bitcoin that if it is corrupted in this way then not even Knots users could cleanse themselves of me taint associated with the Core users, including most of the miners, relaying such transactions.

The sybil attack you're describing simply isn't worth to effort, it would defeat itself. They need us to stab ourselves in the eye and you are willing entertain the idea for them.