Adding a query for default handlers (#7924)

* Adding a query

* Update standard-query-library.yml

Thanks @brunerd and @brockwalters!

* Update standard-query-library.yml

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>

docs/01-Using-Fleet/standard-query-library/standard-query-library.yml

@@ -910,6 +910,18 @@ spec:
   contributors: nabilschear
 ---
 apiVersion: v1
+kind: query
+spec:
+  name: Identify the default mail, http and ftp applications
+  platforms: macOS
+  platform: darwin
+  description: Lists the currently enabled applications configured to handle mailto, http and ftp schemes.
+  query: SELECT * FROM app_schemes WHERE (scheme='mailto' OR scheme='http' OR scheme='ftp') AND enabled='1';
+  purpose: Informational
+  tags: compliance, hunting
+  contributors: brunerd
+---
+apiVersion: v1
 kind: policy
 spec:
   name: Firewall enabled, domain profile (Windows)
@@ -1003,3 +1015,4 @@ spec:
   tags: compliance, inventory, built-in
   platform: darwin
   contributors: GuillaumeRoss
+