After some sleepless nights I got it! Hopefully my investigations can help other users.
Mosquitto runs as a service and creates a hidden user "mosquitto" of its own. It is visible with the command cat /etc/passwd.
When mosquitto is started for the first time as described above (mosquitto -c /etc/mosquitto/mosquitto.conf), the mosquitto user should create the files mosquitto.log and mosquitto.db at the USB stick location /mnt/sda1/mosquitto/ - but this location is owned by user root, because the USB packages installation/configuration was done from the root perspective.
It's quite strange: the log file is created, but mosquitto.db isn't, and passwords.txt isn't used for authentication either.
Unfortunately the log file doesn't show any hints why the persistence file isn't written.
Therefore I used WinSCP/PuTTY to extend the folder permissions temporarily to 0777. After restarting the mosquitto service I got:

| name | rights | owner |
|---|---|---|
| mosquitto.db | rw------- | mosquitt |
| mosquitto.log | rwxrwxrwx | root |
| passwords.txt | rw------- | mosquitt |

Interesting:
The persistence file was created, and the formerly generated and encrypted file passwords.txt, owned by user root, was taken over by user mosquitt(o - only 8 characters allowed).
The wage for this headache - I got a:
- free additional OpenWrt router running mosquitto broker
- separate Wi-Fi AP for smart home network only
- control of all my MQTT devices via smartphone app MQTT Dash, avoiding complex heavyweights like openHAB, Home Assistant and others
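
An added example, not part of the original post: a shell check for the two conditions visible in the listing above (entries left world-writable after the temporary 0777, and entries not owned by the broker's user), plus a tighter alternative to 0777. The function names are hypothetical, the modes 0700/0600 are this example's assumption, and the path and user name are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Directory and user taken from the post: /mnt/sda1/mosquitto, mosquitto.

# List entries under DIR (DIR itself included) that any local user can write.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# List entries under DIR that are not owned by USER.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Report both conditions; return 0 only when the directory is clean.
audit_mosquitto_dir() {
    dir=$1; user=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 2
    fi
    ww=$(world_writable "$dir")
    if [ -n "$ww" ]; then
        echo "world-writable:"; echo "$ww"
        rc=1
    fi
    foreign=$(not_owned_by "$dir" "$user")
    if [ -n "$foreign" ]; then
        echo "not owned by $user:"; echo "$foreign"
        rc=1
    fi
    return $rc
}

# Give the tree to the broker's user and drop access for everyone else.
# Modes 0700 (directories) and 0600 (files) are this example's assumption.
harden_mosquitto_dir() {
    dir=$1; user=$2
    chown -R "$user" "$dir" &&
    find "$dir" -type d -exec chmod 0700 {} + &&
    find "$dir" -type f -exec chmod 0600 {} +
}

# On the router (as root):
#   audit_mosquitto_dir /mnt/sda1/mosquitto mosquitto || \
#       harden_mosquitto_dir /mnt/sda1/mosquitto mosquitto
```

On a FAT-formatted stick, ownership and modes come from the mount options, so chown and chmod have no effect there.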