This is what TLS-PSK is....
If you want to pretend that you can reaaallly just have an AES
encryption only, on clients, then sure, you can just do that. You
can have your clients encrypt and just use MQTT "unencrypted" as
a byte transport. You have to accept that your topics are clear
text still.
This is also known as "rolling your own crypto" (You may consider
just abandoning crypto if it's "too hard", if it's "too hard",
then clearly what you have isn't worth protecting.)
Sincerely,
Karl Palssonn