IPv6, In security purpose, We change the client MAC address bit value number 7, but is it possible to change the multiple bit value number from client MAC address?
As a MAC address can be changed, it can be unwise to rely on this as a single method of authentication. IEEE 802.1x is an emerging standard better suited to authenticating devices at a low level.
The EUI method for forming an IPv6 address is essentially discouraged, these days, because of privacy concerns. Having a MAC address embedded in the IP address can uniquely identify each device in use, the brand, even possibly the owner.
So sure, you can vary any of the 48 bits, all of them, and you can even make the Interface ID (IID) bits short-lived, so they change frequently. The only important requirement being that the IID must be unique, within any given subnet. Or said another way, the IID bits of any host interface must be unique for any given prefix, where the prefix bits are 128 - number of IID bits.
One RFC that applies to your question is RFC 7217. It describes how to create secure IID bits for stateless address auto-configuration (SLAAC).
https://datatracker.ietf.org/doc/rfc7217/
This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that an IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses (e.g., IEEE LAN Media Access Control (MAC) addresses), such that the benefits of stable addresses can be achieved without sacrificing the security and privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique-local prefixes (and their corresponding addresses).
Then, to make the point more forcefully, you have RFC 8064.
https://datatracker.ietf.org/doc/rfc8064/
This document changes the recommended default Interface Identifier (IID) generation scheme for cases where Stateless Address Autoconfiguration (SLAAC) is used to generate a stable IPv6 address. It recommends using the mechanism specified in RFC 7217 in such cases, and recommends against embedding stable link-layer addresses in IPv6 IIDs. ... This document does not change any existing recommendations concerning the use of temporary addresses as specified in RFC 4941.