If you are talking about scripted multisig, i.e. one that uses either OP_CHECKMULTISIG or a leafscript with OP_CHECKSIGADD: No, because the address is a representation of the output script, and the output script includes a definition of which three public keys form the quorum. Changing the quorum will therefore change the output script and a different output script will be represented by a different address.
If you are talking about a P2TR output encoding an output that under the hood can be spent with a 2-of-3 threshold signature (e.g. using FROST or ROAST): Yes, because you can use two private keys to create three new shards of which 2-of-3 are sufficient to produce a valid signature. This allows you to rekey your wallet without moving your funds.
Anyway, you shouldn't reuse addresses, so you should not be too worried about being able to keep the same one. Address reuse is one of the most prevalent and easiest to avoid privacy faux pas.
The exception would be if you're taking about a static address scheme like Silent Payments, where you use the static information to generate a fresh output script based on your inputs, but that's a completely different story in the first place, and I'd reckon it won't be for a while before anyone tries to combine that with multisig.
You usually would have multiple xpubs. For each participating key one, and you’d derive one subkey further down for each subsequent key. I.e. your first address would be key 0 on all three keychains, the second would be key 1 on all three keychains, etc.
I would suggest using a ranged output script descriptor instead, that way you could encode the entire output script template in one thing.
Don't fuck with multisig unless you have an excellent reason to do it (business, shared wallet scheme, etc), and preferably are using a 3rd party to store 1/3 keys, and to store 3/3 pubs. Going alone you can lose a key yes, but you'll still need 3/3 xpubs. It turns into a mess of storing multiple keys, multiple pubs, while juggling multiple hardware devices. You don't need multisig. SeedXOR is better if you use a ColdCard. And 1 key with a passphrase is more than enough security.
The reason is for a business. I am looking into it what is possible especially if one person leaves the company. I want to find out if you can remove/replace a key without necessarily moving all the funds.
It is but only by moving all sats to the new 2of3 address. Definitely worth it since after loss of one key the risk immediately increases to be higher than a single address. But try to not lose it in the first place.
OP_CHECKMULTISIG
or a leafscript withOP_CHECKSIGADD
: No, because the address is a representation of the output script, and the output script includes a definition of which three public keys form the quorum. Changing the quorum will therefore change the output script and a different output script will be represented by a different address.