So i am battling the same problem and i've come a step further. I have tried initially calculating the averages by using scoreInPercentage and looping through every category, but when using the scoreInPercentage collective average per category i get close like you, but not a exact same value as in the defender portal.
So i took a different route and that was making a total sum of all scores per category by looping through the api response. I realised that the max attainable secure score points was a sum total of all its parts (categories), so the percentage per category must be calculated by the max attainable score per category vs attained score per category. The only thing you have to make sure is that you filter only on the last day and not go through the whole 90 day log of the api response. Now a different problem arises and this is that you cannot get the max value per category anywhere. The only way i have managed to get a 100% accurate representation of the individual categories is by hardcoding the max value (as shown in defender portal) per category, and then calculating a percentage based on the score achieved per category.
Yes you can call https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles and see max attainable points per control, but you cannot just sum total all the points per category, because it will return all available controls and not just the controls you have set-up (or have licensing for). In my case it showed 809 max attainable points for a category while the portal showed 371. So the only way you could get around this (i believe) is to literally compare every control by name from "https://graph.microsoft.com/v1.0/security/secureScores" with the controls in "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles" (have not tested this). There is no place that shows max scores per category as far as i know. But i hope someone has a better way of dealing with this. For me this is a tad bit much compute to be running from a function app (financially speaking).
I have used typescript, so my code is probably of no value here.