Solved !
I want to thank Dani of Moodle App team 🤩, and share with you his answer.
We only use the script in content rendered by the app, content rendered in an iframe is not treated. That's why it works in Page (the app replaces the original Vimeo link and uses the wsplayer.php script instead), but it's not working for SCORM because the SCORM content is rendered in an iframe.
What we always recommend in cases like this is to contact Vimeo and ask them to support restricting videos by user agent too, not just by URL. That way you could configure the video to work in the app. Hopefully if they keep getting requests like this they might implement it in the future.
If the client doesn't want to make the videos public, the only solution I can think of is that you edit the SCORM package and manually replace the links to Vimeo to use the wsplayer.php instead. This wsplayer script requires the video ID and a user token (to make sure that only users authenticated in the site can view the video), so you should create a new user that isn't enrolled to any course or anything (because his token can be used to call any WebService), create a WebService token for this user and then use it in the SCORM. The URLs to the site will need to be hardcoded, so this SCORM will only work for a specific site.
E.g. if the SCORM has an iframe pointing to https://player.vimeo.com/video/VIDEOID, you should replace the URL with YOURSITEURL/media/player/vimeo/wsplayer.php?video=VIDEOID&token=TOKEN
The solution is quite ugly, but it's the only one I can think of.