Instead of a script, you could try to set the "default route distance" in the LTE APN to something higher than 1, say 2, than the DHCP client used by the Wi-Fi interface. What should happen is if the Wi-Fi client interface gets a DHCP address, it would have distance of 1 (the default), and the Mikrotik would use the Wi-Fi route. Since the LTE route is up all the time, it would be only used if the default route from Wi-Fi wasn't there since it have a distance of 2. Mikrotik, like most routers, will use the route with the lowest distance first. Also, the IP route does support a "check gateway" that would take the route offline if there wasn't a connection, but I think a Wi-Fi client interface would be disabled if it's not connected to AP, and thus the route disappear without needing a check gateway setting.
With this scheme, you wouldn't need a VPN if you didn't mind some IP reconnections in your clients when you went from LTE to Wi-Fi - most of the time, this isn't a big deal. But you can use a VPN in the above scheme too, the VPN connection follow the IP distance as noted above...and in theory, long duration connection would not drop when you switched from LTE to/from Wi-Fi since the traffic would be tunnel. Although, I'd try without the VPN first, since you'd get 80%+ of what you'd want by just setting the default route distance.