You can see this discussion which asks the similar question considering both Redis and MQTT. You would have to modify the source code of GVMD to supply the password to MQTT if you password protect the service.
However, you can further harden access to MQTT via SELinux instead of going through that trouble.
Thank you for your reply, Since the code is hardcoded, I am wondering why we are using mqtt_server_uri = localhost:1883 in /etc/openvas/openvas.conf why not make it dynamic so the application will understand the secure one for example mqtt_server_uri = USER:PASS@localhost:1883 instead of fixing it from GVMD code manage.c file.
Sadly it’s hardcoded, and changing the parameter will not fix the issue, It will be great if this is changed in the source code, in the meantime I will try to edit the source code locally.
You could create a feature request on the repository over at GitHub for all components currently not supporting MQTT services using username and password: